Security Consultant II – GRC Team

Location: Pittsburgh, PA

Job Type: Full Time / Permanent

The GRC Security Consultant II will report to the Chief Executive Officer and be a part of the Governance, Risk, and Compliance (GRC) Team consulting practice, working both independently and as part of a team.

Responsibilities:

  • Proactively assist in the management of several clients and keep management updated with progress and issues.
  • Establish effective working relationships directly with clients.
  • Demonstrate and apply a thorough understanding of complex information systems. Quickly gain a working knowledge of clients’ IT/Security environments through conversations and observations.
  • Lead assessments of client environments against industry standard frameworks to identify each client’s current state of program maturity and identify applicable risks.
  • Work with clients to identify and document their desired maturity state and risk-balanced state and develop a gap assessment and roadmap to guide the process of maturing towards their desired state.
  • Work with clients to document their security programs through the development of appropriate policies, standards, and processes.
  • Advise client teams at all levels, from the C-Suite to individual contributors, regarding information security governance through mediums such as presentations, reports, and visualizations.
  • Create, develop, and mature the catalog of GRC services and contribute to the improvement of all services.
  • Contribute to the development of best practice frameworks suitable for use during assessments and improvement planning, and integration with assessment toolsets.
  • Contribute to the information security community, primarily focused on the areas where the company operates.
  • Support other engagements, such as those being led by the Blue Team and/or Red Team.
  • Continually research and learn new technologies and techniques through a mix of self-guided and formal training.
  • Cultivate new and existing client relationships to develop business opportunities.
  • Perform other duties as assigned.

Education & Experience:

  • 4 or more years of experience in Information Security with a focus on protecting companies through building a security program, security governance documentation, and engineering systems to be robust and resistant to attack.
  • Familiarity with common security frameworks and regulations such as SOX, HIPAA/HITECH, PCI-DSS, GDPR, NIST 800 series, FedRAMP, ITIL, ISO 27001/2, COBIT, and SOC 2.
  • Familiarity with risk assessment techniques and risk management program documentation.
  • Familiarity with approaches to assessing and managing third-party risk.
  • Clear understanding of emerging information security trends, including changes in security frameworks and regulatory requirements.
  • Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed.
  • Ability to write clear and concise information security policies, standards, and processes.
  • Preferred Skills
    • Ability to conduct an information security risk assessment.
    • Ability to conduct an information security maturity assessment.
    • Strong project management skills, problem solving/critical thinking skills, and verbal and written communication skills.
    • CISSP or equivalent training and certification.
    • Prior consulting experience, especially with a focus on partnering with companies to improve the robustness of their security program or establish a robust security program from scratch.
    • Ability to describe and communicate complex technical security concepts to technical and non-technical audiences.
    • Strong written and verbal communication skills, including the ability to present at information security events and conferences, and to curate content such as writing blog posts and written reports.