Senior Consultant - IT Security / Cybersecurity
CREO Inc Raleigh, NC
- Expired: May 15, 2021. Applications are no longer accepted.
CREO, Inc. is an innovative management consulting and advisory firm based in Research Triangle Park. CREO helps its clients operate effectively, freeing them to apply their talents, pursue their mission, and realize their vision through a focus on effective operations and organizational health. CREO's senior team of C-level advisors works shoulder-to-shoulder with clients to solve their toughest challenges and realize their biggest opportunities.
As a Senior IT Security Consultant at CREO, you would be responsible for the following:
* Provide consulting and guidance on building and/or maturing information security programs, risk management and the implementation of tools and technologies used for enterprise security.
* Advise clients on data privacy compliance regulations and how to efficiently meet requirements and protect personal data.
* Implement and/or assess enterprise IT security controls, including data classification/governance, cybersecurity incident response process, patch management, data loss prevention, and access controls.
* Perform risk assessments and security control gap analysis, prioritize findings and recommend remediation.
* Prepare and create documentation for various IT security engagement deliverables including, but not limited to: risk assessment results, plan of action and milestone (POAM) lists, system security plan, security gap analysis.
* Provide knowledge and guidance on tools and technologies used for enterprise security.
Required qualifications, skills, and experience:
* Bachelor's degree in information security, information technology or related technical discipline
* Minimum 10 years overall IT experience with 5+ years of professional information security experience
* Demonstrated experience implementing successful enterprise information security programs
* Strong understanding and experience implementing one or more security frameworks, such as NIST 800-53/171, NIST RMF/CSF, ISO 27001, HIPAA/HITECH, HITRUST, CIS, and PCI DSS
* Strong understanding and experience with security and privacy-related regulatory compliance, such as FISMA, HIPAA, GDPR
* Advanced knowledge of networking, including TCP/IP protocols and network topology
* Technical knowledge of Microsoft security and compliance capabilities, such as Office 365, Defender ATP, Security & Compliance Center and Azure AD MFA.
* Knowledge of networking, including TCP/IP protocols and network topology
* Understanding of security controls for common platforms and devices, including Windows, Linux, network equipment and IT operations
Other qualifications we find highly desirable:
* Knowledge and experience with tools used in penetration testing, security event analysis, incident response, computer forensics, malware analysis or other areas of security operations
* Certification in at least one of the following: CISSP, CCSP, CISA, CISM, HITRUST Practitioner, ISO 27001 Lead Implementer, CEH
* Experience in Governance Risk and Compliance (GRC)
* Experience with computer systems validation (CSV) and 21CFR11 compliance
* Experience supporting U.S. federal government security compliance (FISMA)
Now with 43 full-time partners and staff, and a broad network of experienced consultants, CREO has grown rapidly to serve over 100 clients in the health, life science, technology services, and non-profit sectors and is recognized as one of the fastest growing companies in the U.S., ranking in the top 22% of Inc. 5000 companies. CREO is organized into two divisions, Growth Acceleration and Digital Transformation, and provides services in seven integrated practice areas (Strategy & Organization Effectiveness, Financial Management, PMO & Process Optimization, M&A Services, Information Technology, Cybersecurity & Compliance, Analytics & Data Sciences). To learn more, visit [