Information Security Assessor

About The Position

Requirements

• 2 years’ experience in information security or a related field, consisting of work and educational experience and demonstrating a solid understanding of basic Information Security concepts
• Strong motivation for pursuing an information security career
• Baseline understanding of information security foundations; including asset management, data security, network management, physical security, and security governance
• Self-motivated and proactively seeks out learning opportunities and asks questions
• Aptitude to complete a variety of Information Security focused risk assessments independently
• Excellent time management and organizational skills, with the ability to manage competing priorities and meet strict deadlines across multiple engagements
• Exceptional verbal and written communication skills, with the ability to build strong client relationships and convey findings in a clear, professional manner
• Ability to translate complex technical concepts into actionable recommendations and business terms
• Demonstrated technical confidence and credibility when discussing security concepts, frameworks, and vulnerabilities with clients and peers
• Excellent interviewing, analytical, and critical thinking skills, with ability to build rapport with clients

Nice To Haves

• Experience managing risk assessments across multiple industries preferred
• Professional certifications such as Network+, Security+, CISSP, CISA, CISM, CRISC, or similar preferred but not required

Responsibilities

• Conducting organization-wide security assessments both virtually and onsite for client organizations, by independently conducting client interviews, reviewing policies and procedures, and observing controls within client facilities
• Effectively manage multiple client assessments, deadlines, and deliverables simultaneously, ensuring timely completion of all engagements without compromising quality
• Communicating complex technical information clearly and confidently to both technical and non-technical audiences, adapting messaging as appropriate for each stakeholder group
• Demonstrating strong technical credibility in client interactions, instilling confidence through in-depth knowledge of security principles, tools, and frameworks
• Documenting assessment findings and present assessment results to the client's leadership team
• Working with clients to identify and prioritize security remediation tasks
• Educating clients on sound information security concepts and principles and advise on the implementation of suitable information security controls
• Providing insight to clients related to relevant regulatory and best-practice information security standard
• Maintaining and developing own technical and security knowledge

Benefits

• medical, dental and vision insurance
• HSA/FSA/DCA accounts
• life and disability insurance
• 401(k) with employer match up to 4%
• employee assistance program (EAP)
• unlimited paid time off
• paid parental leave
• education/growth assistance
• pet insurance