Security Consultant

About the position As a Qualified Security Assessor (QSA) you will provide assessments and consulting to our clients. You will manage your own book of work and be the master of your own work schedule to the degree that it coincides with your clients’ requirements (that have been assigned to you) and delivery times required. You will conduct remote assessment activities and travel to client locations which usually last anywhere from 3-5 days for on-site activities over a 3–5-month timeframe for a single engagement. You will be working on an average of 3-4 active projects at any given time. You will provide status of all engagements that you are assigned to on a weekly basis and manage them to critical milestones to prevent escalation by clients. Writing detailed technical reports and evaluation of supporting documentation for proof of compliance with standards and regulations. Responsibilities • Perform both consulting, advisory and assessment services. • Must maintain relevant certification required by industry and complete relevant ongoing continuing education required by certifications. • Provide competent and relevant cybersecurity, governance, compliance, risk, and auditing in the technical space in accordance with various regulations and standards. • Provide engagement management and high-level project management for delivery of services to multiple client which have been assigned to you by management. • Evaluate client compliance with regulations such as Payment Card Industry Data Security Standard (PCI DSS), ISO 27K series, NIST, or other compliance standards and frameworks. • Conduct audits and risk assessment based on National Institute of Science (NIST) standards like NIST Risk Management Framework, NIST Cyber Security Framework, NIST Privacy Framework, and International Standards organization (ISO) frameworks for risk and cybersecurity. • Consultative support with clients in using risk assessment and audit based on National Institute of Science (NIST) or ISO27002. • Sharing your expertise with clients and colleagues to aid in making decisions on topics like strategy and scope as well as deep and highly technical projects like web application architecture and security. • Providing clear, organized findings and recommendations to clients and tracking progress towards resolution and compliance. • Producing detailed, high-quality reports for clients and industry third parties like payment card brands and the PCI Security Standards Council. • Learning from our close-knit group of consultants as well as contributing your thoughts, tools, industry news or lessons learned. • Working with clients to implement practices to produce secure applications and identify and eliminate security vulnerabilities. • Working independently, undertaking information security engagements including working co-ordination and project management (client interaction, deliverables, work plans, escalation’s, etc.). • Growing the business by identifying up-sells with existing and potential clients. • Providing regular status reports on all projects assigned. • Being a team player and having the capability to expand having the capability to expand/adapt your skills in a fast-paced ever-changing industry. Requirements • At least 5 years of previous professional experience in cyber security, information security or risk assessments. • Strong professional and technical experience in information technology or information security. • Must have hands on or conceptual understanding in networking, end user systems support, server support, virus and malware systems, logging, building systems from scratch, policies, procedures, computer user account management, vulnerability scanning, pen testing, and wireless networking. • Have at least one industry-recognized professional certification from each list below: List A: - (ISC)2 Certified Information System Security Professional (CISSP) - ISACA Certified Information Security Manager (CISM) - Certified ISO 27001 Lead Implementer List B: ISACA Certified Information Systems Auditor (CISA) - Certified ISO 27001, Lead Auditor, Internal Auditor 1 - IRCA ISMS Auditor or higher (e.g., Auditor/Lead Auditor, Principal Auditor) - IIA Certified Internal Auditor (CIA) Apply tot his job