Principal Consultant, Security Governance

About The Position

Requirements

• Strong professional expertise in information security with the ability to thoroughly understand complex principles and apply them practically
• Deliver consulting services on time and on budget
• Comfortably present security concepts and/or findings to both highly technical and entirely non-technical audiences
• Must be analytical, detail oriented, innovative, and recognize opportunities to provide value added consulting services to clients
• Ability to manage multiple and simultaneous clients, tasks, and responsibilities, work alone or in small teams, achieve established goals and objectives, and proactively communicate progress
• Ability to work collaboratively or independently as required by the engagement’s needs
• Ability to be flexible and embrace change
• Continuously evolve approaches based on changing requirements, new information, or updated guidance
• Ability to manage multiple and changing priorities and tasks
• Bachelor’s Degree with a focus on Information Security, IT, Computer Science, or Engineering preferred or the equivalent work experience and/or military experience
• 5-8 years previous consulting experience
• 5-8 years' experience conducting Information Security risk and compliance assessments
• 5-8 years' experience evaluating compliance with regulatory and key IT standards such as HIPAA, PCI DSS, NIST CSF, ISO 27001, and other similar standards/frameworks
• Cloud experience with AWS, Azure or Google Cloud Platform or non-foundational certification for any of these cloud platforms or one of the following cloud agnostic certifications: Certified Cloud Security Professional (CCSP), Certificate of Cloud Security Knowledge (CCSK), GIAC Cloud Security Essentials (GCLD)
• Possess at least one of the following accredited, industry-recognized professional certifications from each list: List A ISC2 Certified Information System Security Professional (CISSP) ISACA Certified Information Security Manager (CISM) Certified ISO 27001 Lead Implementer List B ISACA Certified Information Systems Auditor (CISA) GIAC Systems and Network Auditor (GSNA) Certified ISO 27001, Lead Auditor, Internal Auditor 1 IRCA ISMS Auditor or higher—e.g., Auditor/Lead Auditor, Principal Auditor IIA Certified Internal Auditor (CIA)

Nice To Haves

• One or more AI certifications (e.g., ISO 42001, ISACA AAISM, ISACA AAIR, IAPP AIGP)
• Experience leading AI security assessments, maturity reviews, and developing remediation roadmaps for clients
• Ability to translate technical AI risks into executive-level recommendations and measurable controls

Responsibilities

• Lead client engagements and project execution providing information security consultation and assessment services, helping our clients meet their compliance obligations by evaluating their business, technology, and operations against industry security standards
• Educate, mentor, advise, and share your expertise with clients and colleagues to aid in making decisions on topics like Artificial Intelligence, organizational security strategy and services scope as well provide consultative guidance on complex projects
• Providing clear, organized findings and recommendations to clients and tracking progress towards resolution and compliance
• Consult/advise with C-level Security Leaders (CISO, CSO, CIO, etc.) and the Board of Directors with our most valued and strategic clients
• Develop strategic, operational, and tactical recommendations tailored to each client with the intent to improve a client’s security posture and compliance position
• Create detailed strategic security roadmaps with short-term, mid-term, and long-term goals that prioritize remediation recommendations and address all instances of non-compliance with applicable regulatory, statutory, contractual, and organizational obligations
• Lead large security engagements in concert with other cybersecurity practices and Presidio teams
• Develop security policies, standards, and procedures that are custom-tailored to each client’s unique culture, security goals, and organizational objectives using industry best practices and compliance requirements
• Review, analyze, and assess key factors, including inherent risk, mitigating controls, business impact, likelihood and other key elements to determine organizational security risk
• Ensure and assess client alignment to, and/or compliance with, applicable regulatory, federal, state, local, contractual, and organizational requirements and best practices standards such as ISO 27001, NIST Cyber Security Framework (CSF), PCI DSS, HIPAA, FERPA, NIST 800-171, CMMC, etc.
• Work closely with organizations to conduct security program development by establishing the foundation for a best of breed security program architecture reference model using industry frameworks and standards such as ISO 27001, NIST 800-53, NIST CSF, etc.
• Work with other seasoned Principal Security Consultants in a collaborative setting to support and assist on the execution and delivery of key services such as Cloud Governance, Advisory Services, security program development, documentation review, and security consulting services
• Execute tabletop exercises after collaborating with client stakeholders to select the scenario then create an After-Action Report
• Deliver PCI Advisory Services, including PCI Gap Analysis, SAQs, ROCs and AOCs
• Deliver CMMC Advisory Services, including CMMC Readiness Assessments
• Assist leadership in cybersecurity administrative functions, such as documentation maintenance, documentation creation, peer review, and other internal cybersecurity activities

Benefits

• Presidio is committed to hiring the most qualified candidates to join our amazing culture.
• We aim to attract and hire top talent from all backgrounds, including underrepresented and marginalized communities.
• We encourage women, people of color, people with disabilities, and veterans to apply for open roles at Presidio.
• Diversity of skills and thought is a key component to our business success.
• Presidio is committed to working with and providing reasonable accommodations to individuals with disabilities.