Principal Security Consultant (#1132)

About The Position

Requirements

• Bachelor’s degree preferred (Cyber Security and/or Computer Science)
• 5 to 10 years of applicable Security Consulting experience
• Hold certifications (CRISC, CISA, CISSP) commensurate with the technology and solutions focused on Security as well as Governance, Risk & Compliance (GRC)
• Security Consulting experience
• IT Audit General Controls knowledge
• Solutions selling sales cycle understanding
• Generating and presenting customer facing presentations
• Familiar with account planning, pipeline management and forecasting
• Ability to draft/compile well written proposals and statements of work and customer deliverables
• Advanced written and oral communication skills
• Seasoned in technical strategy and architecture steering, review, and documentation
• Well versed in threat modeling, attack frameworks, and industry standard program frameworks such as NIST, ISO 27001, CIS 20 and PCI
• Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed
• Ability to discuss and sell Security Consulting engagements, based on Customer business needs, compliance standards and take ownership of closing and completing these engagements

Responsibilities

• Business objectives; identified cyber risks, data risks, and regulatory requirements. Map these to ePlus security and data governance services to achieve measurable improvements in security posture, compliance, and information lifecycle management. Leverage the broader team to support these services as appropriate.
• Effectively lead engagements as a subject matter expert (SME) to deliver client projects. Lead meetings, track team tasks, and present deliverables to client stakeholders across executive, operational, and technical audiences.
• Conduct security and data governance program assessments and measure the effectiveness of client environments as it relates to: Existing technical and administrative controls Data classification and handling practices Data lifecycle management Privacy and regulatory compliance requirements Alignment to industry security and governance frameworks
• Design, develop, and operationalize Data Governance Programs, including: Governance charters and operating models Data ownership and stewardship models Data classification frameworks Data retention and disposition standards Policy and control documentation Risk scoring methodologies for sensitive and regulated data Integration of data governance into existing security and compliance programs
• Develop tailored consulting engagements specific to a client’s security and data governance maturity, risk profile, regulatory exposure, and budget constraints.
• Develop and produce comprehensive engagement deliverables tailored to both technical and managerial audiences, fully detailing; Technical execution Identified control and governance deficiencies Business and regulatory impact Risk prioritization Practical and sustainable remediation strategies
• Establish credibility with the ePlus sales team and customers as a trusted advisor focused on risk identification, mitigation, and strategic program development across both cybersecurity and data governance domains
• Conduct customer-facing presentations on ePlus’ core competencies, including security advisory services, governance strategy, compliance alignment, and data governance program development.
• Assist the sales team with overall account planning as it relates to security and data governance program development services.
• Assist the sales team with identifying and capturing customer business, regulatory, and data management requirements during the sales cycle and determining ePlus’ recommended solution approach.
• Contribute to marketing and thought leadership initiatives via publishing research, speaking at industry conferences, authoring blog articles and whitepapers, hosting webinars, and developing repeatable security and data governance processes and templates.
• Assist with practice development, including improving existing offerings, creating new service offerings (including emerging governance and AI/data risk services), and mentoring team members.
• Foster client relationships by providing strategic guidance, proactive insight, and ongoing advisory support.
• Lead technical scoping and review sessions with Client Security Principals, Account Executives, and sales teams, as well as customer stakeholders, to develop and finalize services proposals and Statements of Work.
• Function as a subject matter expert (SME) for customer staff regarding proposed services and their design, purpose, delivery methodology, and measurable outcomes.
• Conduct knowledge transfers with solution architect colleagues and sales teams regarding discovered technical and service opportunities, lessons learned from engagements, and emerging governance or regulatory trends.
• As appropriate, assist the sales team in addressing customer satisfaction issues related to recommended solutions and assist in developing structured remediation or “get well” plans.
• Identify emerging product or service candidates to sales and services management as new solution areas for ePlus to potentially develop or invest in, particularly in areas related to data governance, regulatory evolution, and risk management.
• Complete and/or register for training and maintain relevant certifications in cybersecurity, governance, privacy, and regulatory frameworks as requested and approved by management.
• Participate in weekly service pipeline and progress calls with the Managing Security Consultant Manager and be prepared to review: Current pipeline opportunities 60-day revenue forecast Win probability Estimated delivery timelines
• Function as a subject matter expert (SME) for customer staff regarding proposed services and their design, purpose, delivery, and other relevant specifics
• Conduct knowledge transfers with solution architect colleagues and sales teams regarding discovered technical and service opportunities, lessons learned from previous engagements/experience, etc. as relevant
• As appropriate, assist sales team in dealing with customer satisfaction issues surrounding approach of a recommended solution and assist in developing a ‘get well’ plan
• Identify product or services candidates to sales and services management as new solution areas for ePlus to potentially develop or invest in
• Complete and/or register for training and maintain relevant certification(s) as requested and approved by immediate manager in accordance with assigned focus area
• Participate in weekly service pipeline and progress conference calls with the Managing Security Consultant manager and be prepared to review on a weekly basis the current pipeline of opportunities being worked on and forecast for the next 60 days the potential revenue associated to them, win probability, and estimated date of completion

Benefits

• ePlus offers a full range of medical, financial, and/or other benefits (including 401(k) eligibility, employee stock purchase program and various paid time off benefits, such as vacation, sick time, and personal leave), dependent on the position offered.
• Details of participation in these benefit plans will be provided if an offer of employment is extended.