Senior Security Assessor

Specialized Security Services, Inc., Plano, TX

About The Position

The Senior Security Assessor supports PCI Compliance, ISO, NIST, CMMC, Risk Assessment, HIPAA, CCPA, and GDPR project initiatives by undertaking risk assessments, advising on implementation of security measures, recommending appropriate risk mitigations, and interpreting security policy and standards in the context of projects and business scenarios to help the business operate securely. This role has a significant client consulting and management component: advising clients, defining client security requirements to industry best practice standards, and ensuring that all projects meet these requirements, or that exceptions and issues are noted and remediated as appropriate.

Requirements

  • A university degree in Computer Science, Engineering, or a field which relates to the role.
  • At least two security certifications from the following: (ISC)2 CISSP, ISACA CISM, ISACA CISA, SANS GIAC/GSNA, ISO27001 Certified Lead Implementer/Lead Auditor/Internal Auditor.
  • Five (5)+ years of Information Security experience in Security Governance, Risk and Compliance practices and methodologies.

Nice To Haves

  • Additional security certification such as QSA, CMMC CP, CMMC CCA, IRCA ISMS Auditor or higher, IIA Certified Internal Auditor (CIA), HITRUST.
  • Experience performing GRC functions either as a consultant delivering GRC, risk, or compliance services, or in an internal GRC role with direct responsibility for assessments, risk management, and compliance activities.
  • Demonstrates advanced knowledge of the principles, best practices, architecture and design approaches to applicable capabilities, services and standard controls that fall under the scope of PCI-DSS, NIST, CMMC, and ISO.
  • Experience with performing cyber security assessments and familiarity with industry cyber security tools or experience auditing systems.
  • Experience with security hardening techniques and policy development, particularly with regard to secure software development methodologies and processes.
  • Previous experience in PCI-DSS, NIST, CMMC, or ISO compliance programs, including pre-assessment or assessment and gap remediation programs.

Responsibilities

  • Assess existing controls to determine their level of compliance with PCI DSS, ISO, HIPAA, GDPR, NIST, FedRAMP, etc., including their maturity, state of compliance, and the risk associated with any findings.
  • Support PCI-DSS, Risk, NIST, ISO, CMMC, FedRAMP, and Cyber Security Compliance gap analyses and assessments.
  • Support privacy compliance client engagements, with familiarity with GDPR, CCPA, PIPEDA or similar privacy frameworks.
  • Supports sites in testing, documentation and issue resolution associated with cyber security programs.
  • Perform comprehensive threat/risk assessments and business impact analysis of current system, data, application and technology environments to determine possible internal and external threats to information assets, and identify security measures required to counter such threats.
  • Participate in the development and implementation of the enterprise security architecture and supporting security standards to ensure compliance with corporate policies, and relevant legislative and regulatory requirements.
  • Perform technical security reviews or assessments to ensure targeted systems, networks, applications and/or data are in compliance with corporate policies and standards.
  • Serve as a client-facing GRC consultant on S3 engagements, performing governance, risk, and compliance activities on behalf of client organizations as defined in contracts.
  • Assess and communicate risk, control gaps, and compliance implications, translating technical and operational findings into clear, business-focused guidance for client stakeholders.
  • Understand that, due to the rapidly evolving cybersecurity landscape, maintaining this role will require obtaining additional certifications to keep up with the cybersecurity threat landscape and industry-accepted certifications.