Lead Consultant (Security Advisor)

About The Position

Requirements

• 6+ years of hands-on experiencing performing security assessments and remediation support.
• Hands-on experience with threat modeling, risk assessments, and security audits and ability to identify vulnerabilities and mitigate risks
• Bachelor's degree in Information Security, Information Systems Management, Computer Science, Engineering, or related field
• Experience with security and privacy frameworks like CIS Controls, ISO/IEC 2700x, MITRE ATT&CK, NIST Cybersecurity Framework, GDPR, FedRAMP etc.
• Technical or professional certifications and certificates (e.g., ISC2, ISACA, PCIP, PCI QSA, etc.)
• Experience working with different cloud security products and cloud types.
• Experience creating a security roadmap with estimates for complexity and cost; including people, process, & technology inputs
• Experience managing a backlog of activities and delivery teams consisting of technical and nontechnical professionals.
• Excellent written and verbal communications skills and an ability to maintain a high degree of professionalism in all client communications.
• Ability to influence others, build relationships, and manage conflicts
• Highly motivated, consultative, problem-solving mindset
• Leadership experience and executive level communication and facilitation skills across technical and non-technical stakeholders
• Experience with brief management, as needed, on the status of action items and/or results of these activities
• In-depth knowledge of information security principles, technologies, and best practices
• Technical expertise with security tools and technologies like firewalls, VPNs, IDS/IPS, SIEM, DLP, encryption, access controls, vulnerability management, etc.
• Experience with security monitoring, incident response and knowledge of cyber threats and attack vectors.
• Working knowledge of cloud security best practices for AWS, Azure, and/or GCP
• Working knowledge of data security such as encryption, key management, tokenization, etc.
• Working knowledge of security monitoring tools - Security Information & Event Management (SIEM), user behavior analytics, network traffic analysis, etc.
• Working knowledge of application security concepts - secure SDLC, static/dynamic analysis, web app scanning, fuzzing, pen testing, etc.
• Working knowledge of identity security such as access and privilege management solutions - LDAP, AD, SSO, MFA, IAM (e.g., SailPoint, Saviynt), PAM (e.g. CyberArk), etc.
• Working knowledge of security awareness training, phishing simulations, social engineering, and physical security principles
• Experience with managing the overall success of information security programs.
• Ability to liaise with legal/compliance teams regarding security regulations and legal obligations.
• Experience in developing information security policies, standards, and procedures.
• Excellent communication skills, including demonstrated proficiency in clearly communicating technical concepts to non-technical audiences in business terminology

Responsibilities

• Conduct compliance and security assessments, architect and implement controls, provide remediation support, and draft governance documentation.
• Strong understanding and past performance of assessment and implementation of PCI DSS
• Use of other common security and privacy standards such as NIST, HIPAA, ISO/IEC, GDPR, CCPA, etc.
• Advise senior leadership and key stakeholders on strategic security matters to align security programs with business objectives
• Assess and understand our client's current security posture and future architecture, providing a viable solution path to bridge the gap using industry and vendor best practices.
• Lead security technology evaluation and selection processes.
• Advise on proper configuration and maintenance of security tools and systems.
• Develop functional and design specifications for client work products.
• Advise legal/compliance teams and assist with security investigations and litigation
• Create and deliver reports, metrics, and dashboards on program effectiveness for executives.
• Develop security architectures and roadmaps to strengthen our customer's defenses.
• Stay attuned to customer business needs and objectives to align security priorities and requirements
• Design and evaluate security tools to assist our clients, including and not limited to asset management, identity and access management, cloud logging/monitoring, threat and vulnerability management, platform hardening, resiliency and redundancy, data security, and security infrastructure.
• Review cloud technologies and products for security implications and risks for our clients.
• Maintaining awareness of trends and changes in the Cybersecurity industry and threat landscape
• As technical subject matter expert, assist Apex solution, sales, and account teams during the scoping of new security opportunities.

Benefits

• Competitive Salary
• Health, Dental and Vision Insurance
• Health Savings Accounts (HSA) with Employer Contribution
• Flexible Spending Accounts
• Long and Short-Term Disability
• Life Insurance
• Voluntary Benefits
• Employee Assistance Program
• Paid Parental Leave
• Wellness Incentives
• Vacation and Holiday Pay
• 401(k) Retirement Plan with Employer Match
• Employee Stock Purchase
• Training and Advancement Opportunities
• Tuition Reimbursement
• Birthdays Off
• Philanthropic Opportunities
• Referral Program
• Partial Gym Membership Paid
• Team Building Events
• Discount Programs