Senior Information Security (Analyst – Consultant) Strategic Services

About The Position

Requirements

• Bachelor's degree in information security or related discipline
• Proficiency In IT Risk Management frameworks (e.g., NIST RMF, NIST CSF 2.0) and knowledge of up to two of the following industry frameworks and regulations CCPA/CPRA, GDPR, NIST Privacy, NIST RMF, PCI, ISO, HIPAA
• Strong knowledge of cybersecurity controls, vulnerability management, identity and access management, detection and response, product security, and security operations, including CIS Critical Security Controls
• Ability to synthesize complex technical and business information, identify patterns, and develop actionable recommendations
• Excellent written and verbal communication skills, with the ability to present detailed technical and analytical findings clearly and concisely to both technical and non-technical audiences, including executive leadership, project managers, and technical teams.
• Proven ability to tailor communication style and content to different audiences, from junior staff to senior management, both internally and externally.
• Advanced capability in performing various types of assessments (point-in-time, maturity, risk, technical) and integrating findings from multiple sources
• Hold current standing with at least one industry relevant certifications, such as CISM, CISA, CRISC, CISSP
• Ability to coordinate and manage multiple priorities in a fast-paced environment, working both independently and collaboratively
• Ability to travel up to 10% for client-related or internal-related activities as needed
• Eligibility to work in the United States.

Nice To Haves

• At least 2 years’ experience in a client-facing role (e.g., consulting or external auditor)
• Experience operating industry-relevant tools (e.g., GRC platforms, and other privacy and risk management solutions such as BigID, OneTrust, etc.)
• Familiarity with Artificial Intelligence (AI) Risk Management (AI RMF), AI Governance, and AI Security

Responsibilities

• Lead and support various client engagements, including Enterprise Risk Assessments, Privacy Impact Assessments, and Risk /Privacy / Program Buildouts.
• Facilitate collaborative assessment processes such as scoping, leading client interviews/workshops, and ensuring open dialogue and understanding of client-specific challenges
• Manage client expectations and ensure project deliverables align with their business objectives and regulatory requirements
• Perform comprehensive point-in-time assessments of client cybersecurity posture against industry standards and frameworks (e.g., NIST CSF 2.0, CIS Critical Security Controls)
• Conduct maturity assessments across various domains, including IT Risk Management, IT Service Management, and specific security controls
• Evaluate critical platforms and tool use cases, assessing their effectiveness and alignment with client needs and best practices
• Identify security gaps, vulnerabilities, and control weaknesses through documentation review, interviews with key personnel, and observation of operational processes
• Assess client compliance with relevant laws, regulations, and contractual obligations, including PII, PHI, and IP considerations, specifically HIPAA and PCI DSS
• Design and implement enterprise-wide IT risk management programs based on NIST principles, integrating cybersecurity risk with overall enterprise risk management (ERM)
• Establish risk governance structures, define roles and responsibilities, and develop risk management strategies for clients
• Develop and implement policies and procedures related to application security, data protection, and privacy
• Create roadmaps for program implementation, such as Technical Impact Analysis (TIA) programs, including stakeholder engagement, data collection, and continuous improvement
• Prepare comprehensive assessment reports, compliance narratives, and strategic roadmaps for executive and technical client stakeholders
• Present complex technical and risk information clearly and concisely to diverse client audiences, supporting informed decision-making
• Ensure all findings, recommendations, and program documentation are auditable and support client compliance requirements
• Engage effectively with both internal and external stakeholders, including client project managers, client leadership, internal managers, and junior team members, to ensure alignment and successful project outcomes.
• Facilitate cross-functional communications with other team members and departments, fostering collaboration and knowledge sharing.

Benefits

• Comprehensive benefits including: Medical, Dental, Vision & Basic Life Insurance
• Paid Vacations, Sick Time, & Holidays
• 401 (k) with discretionary company match
• Vibrant work culture