Sr Security Consultant – GRC

Location: Pittsburgh

Job Type: Full Time / Permanent

ROLE AND RESPONSIBILITIES

The Senior GRC Security Consultant reports to the GRC Manager and is part of the Governance, Risk, and Compliance (GRC) Team consulting practice, working both independently and as part of a team to:

• Partner with potential, new, and existing clients to develop trusted relationships and new opportunities.
• Lead and participate on project implementation teams.
• Quickly gain a working knowledge of customers' IT/security environments through conversations and observations.
• Proactively assist in the management of consulting engagements and keep stakeholders updated on progress and issues.
• Establish effective working relationships directly with clients.
• Demonstrate and apply a thorough understanding of complex information systems.
• Lead assessments of client environments against industry-standard frameworks to identify the client's current state of program maturity and the applicable risks.
• Work with the client to identify and document their desired maturity state and risk-balanced state, and develop a gap assessment and roadmap to guide the process of maturing towards that desired state.
• Work with the client to document their security program through the development of appropriate policies, standards, and processes.
• Advise the client's teams at all levels, from the C-suite to individual contributors, on information security governance through mediums such as presentations, reports, and visualizations.
• Create, develop, and mature a catalog of GRC services and contribute to the improvement of all services.
• Contribute to the development of best-practice frameworks suitable for use during assessments and improvement planning, and to their integration with assessment toolsets.
• Contribute to the information security community.
• Support other engagements, such as those being led by the Blue Team and/or Red Team.
• Continually research and learn new technologies and techniques through a mix of self-guided and formal training.
• Cultivate new and existing client relationships to develop business opportunities.
• Perform other duties as assigned.

QUALIFICATIONS AND EDUCATION REQUIREMENTS

• 7 or more years of experience in Governance, Risk, and Compliance with a focus on protecting companies through building a security program, security governance documentation, and engineering systems to be robust and resistant to attack.
• Skilled within the GRC focus area, providing coaching of team members across all areas.
• Extensive experience with common security frameworks and regulations such as ISO 27001/2, SOC 2, HIPAA/HITECH, SOX, PCI DSS, GDPR, the NIST 800 series, ITIL, and COBIT.
• Extensive experience with risk assessment techniques and risk management program documentation.
• Experience with approaches to assessing and managing third-party risk.
• Clear understanding of emerging information security trends, including changes in security frameworks and regulatory requirements.
• Flexibility to accommodate changing schedules of client and project needs, and willingness to work extended hours when needed.
• Ability to write clear and concise information security policies, standards, and processes.

PREFERRED SKILLS

• Ability to lead an information security risk assessment.
• Ability to lead an information security maturity assessment.
• Strong project management skills, problem-solving/critical-thinking skills, and verbal and written communication skills.
• CISSP, CRISC, or equivalent training and certification.
• Prior consulting experience, especially with a focus on partnering with companies to improve the robustness of their security program or to establish a robust security program from scratch.
• Ability to describe and communicate complex technical security concepts to technical and non-technical audiences.
• Strong written and verbal communication skills, including the ability to present at information security events and conferences, and to curate content such as blog posts and written reports.

COMPETENCIES

The employee is expected to be proficient in several organizational, behavioral, and functional competencies, such as sound judgment, cooperation/teamwork, quality of work, reliability, punctuality, quantity of work, support of diversity, communication, customer service, problem solving, attention to detail, innovation, and flexibility.