Senior Information Security Consultant (Contract role)
The Information Security Consultant manages all activities related to IT information security, develops and implements information security standards and policies, leads regular internal audit activities, develops and conducts security training, and monitors security exposure with prompt and appropriate risk mitigation. The individual will also manage security-related projects, participate in IT infrastructure projects with respect to security architecture and design, and provide oversight of cyber security vendors. This is a strategic as well as technically hands-on position involving the protection of all enterprise information assets.
Key Responsibilities & Duties
- Aligns standards, frameworks, and security practices with overall business and technology strategy.
- Identifies and communicates current and emerging security threats.
- Creates three-year roadmaps for security technologies, policies and processes.
- Establishes security budgets and manages technologies and services to stay within budget.
- Manages and communicates status to stakeholders, aligning security activities with business needs.
- Evaluates, selects, and implements information security products and services.
- Routinely assesses current best practices, recommending appropriate technology and policy.
- Liaises with Compliance, Legal, Quality, and R&D teams, offering technical direction throughout the organization on information security matters.
- Responds to and reports on all security incidents. Investigates root cause and promotes implementation of both proactive and reactive controls.
- Develops configuration standards for operating systems, networking devices, application implementation, user access controls, and any industry regulatory compliance requirements.
- Manages third party security vendors.
- Maintains awareness of trends in security regulatory, technology, and operational requirements by attending annual seminars and specialized training and by following industry publications.
Required Experience & Qualifications
- 12+ years of relevant experience, or a combination of a bachelor's degree and 7+ years of experience.
- 5+ years of experience within an Information Technology function with emphasis in IT Risk Management.
- Experience with information technology operations, information security operations, business continuity and disaster recovery. Experience with data protection, data privacy laws, regulations and industry requirements, as well as industry best practices.
- Practical experience working with enterprise class switches, routers, wireless and firewalls.
- Practical experience working with various server technologies including Microsoft Windows, Active Directory, and Exchange.
- Minimum 5 years of experience working with desktop/laptop technologies, including Windows operating systems and office applications.
- Minimum 5 years of experience identifying, quantifying, and mitigating risks with networks and servers.
- Proven track record of responding to various regulatory security audits.
- Good vendor management experience and abilities.
- Current CISSP, CISM, CISA, CEH, Security+, or GSEC certifications.
- A thorough understanding of SaaS and IaaS solutions.
- A thorough knowledge of logging, monitoring, and event management applications.
- Experience managing IT Governance and Compliance programs.