REMOTE - Information Security Consultant/Advisor
- Posted: June 02, 2022
We are looking for a seasoned Information Security Consultant/Advisor to consult and advise our clients on designing, implementing, and managing Information Security Management Systems (ISMS) to protect their organization's infrastructure and maintain compliance with various regulations, standards, and frameworks (ISO 27001, HIPAA, SOC 2, etc.). You will be responsible for working with our client's senior leadership and internal IT teams to advise and ensure security actions are evaluated, validated, and implemented as required.
To be successful, you should have expert analytical skills and in-depth knowledge of information security practices to proactively identify and prevent a wide range of security threats in client environments. Top candidates will also be excellent communicators, training and educating our client's key stakeholders in various information security topics.
If you thrive in a dynamic environment, like challenges, and believe work and fun are not mutually exclusive, you may be the one we're looking for. We need team players who are smart and creative, love IT assurance, and want to grow with a growing company: who are as comfortable talking with senior management about certification or attestation strategies as they are with a Developer or System Administrator about securing microservices or the latest Windows exploit.
This position will be responsible for:
- Consulting with our client's senior management team and their internal IT departments to improve their information security posture.
- Promote awareness of security issues among client management and ensure sound security principles are reflected in the organization's vision and goals.
- Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Continuously validate client organization against policies/guidelines/procedures/regulations/laws to ensure compliance.
- Identify alternative information security strategies to address organizational security objectives.
- Keeping up to date with developments in the threat environment, as well as privacy and security standards.
- Conducting and/or participating in gap, risk, and business impact assessments.
- Documenting ISMS policies and procedures, updating policies and procedures, and monitoring to ensure compliance with security policies.
- Leading/overseeing third-party risk programs and assessments for clients.
The right person HAS the following characteristics (these are "non-negotiable"):
- Personal integrity, a highly transparent nature, and a mind-set of "mutual benefit".
- Thrives on and is worthy of self-managing the projects they are responsible for (micro-management is a four-letter word at PPS).
- Has very high "Self-Expectation" (self-motivated, self-aware, self-disciplined, self-improving, and self-governed). You hold yourself to a higher standard than others do.
- Enjoys work and life, values a balance, and is looking for a company that shares those ideals (understands that you do not get a second chance to see your child's first school play and that it does not matter if the report gets done at 3:00 PM or 10:00 PM, if it gets done).
- Highly consultative and collaborative nature; someone who enjoys helping others achieve ambitious business and information assurance goals.
- Effectively and proactively communicates in writing/speech both internally/externally from the server room to the board room.
- The ability to "work from anywhere" as this role is remote/virtual in nature.
- A good sense of humor and the ability to laugh at themselves.
- Applicable Information Security and Technology experience to contextualize and make recommendations relevant and valuable.
The right person usually has the following experience (these are somewhat negotiable):
- Certifications that demonstrate to our clients our commitment to excellence in our craft (e.g., ISO 27001 Lead Implementer, CISA, CISSP, ISO 27001 Lead Auditor, CCSA, MCSE, CEH, OSCP).
- Experience working as a consultant managing/leading multiple client projects.
- Experience authoring policies and procedures.
- Experience with the myriad of regulatory compliance or privacy frameworks our client base is subject to (e.g., HIPAA, PII, PCI-DSS, SOX, STARS, NERC-CIP, GDPR, CCPA).
- Familiarity with related standards/frameworks (e.g., Secure Control Framework, SSAE-16 SOC1, ISO 27001, NIST 800-171, NIST CSF, CMMC, SOC2, ISO-22301, ISO-9001).
- A general understanding of cyber security technologies or security issues such as: Hardware or Virtual Network Firewalls, Cloud Native Firewalls, Identity and Access Management (IAM), Zero Trust, Cloud Access Security Brokers (CASB), Secure Web Gateways (SWG), Distributed Denial of Service (DDoS) protection, Web Application Firewalls (WAF), and Network Detection and Response (NDR).
About Pivot Point Security
We're a small, but growing, company. So, we do our best to keep the right people at PPS (most of our team has been together for 6+ years) by aspiring to:
- A high-performance work environment with extremely passionate, driven and experienced technical professionals. At Pivot Point Security, you will find colleagues you can respect and learn from.
- A management system where all employees participate in establishing the company's goals/initiatives and have ready visibility into the company's performance. We're working hard to create processes and metrics to measure our (and your) success.
- An environment where relationships are important, internally and externally. We provide the highest levels of customer service and strive to always exceed our clients' expectations.
- A competitive salary (more than most) with a F100 level benefits package (e.g., medical, dental, vision, HCFSA, 401K w/ company match, 529 College Savings, vacation and personal days).
- Providing individuals the opportunity to develop by giving them the resources required, surrounding them with great colleagues, and allowing them to take on new/big challenges.
As a Company, We:
1. Tell the Truth (Honesty is almost always the best policy)
2. Do the Right Thing (Keep commitments, over-communicate, be transparent, confident, worthy of/thrive on freedom)
3. Smile (Life is too short not to ... likeability is nearly as important as competence)
4. Seek "Win-Win" (Think cooperative, not competitive - seek mutual benefit in all interactions)
5. Provide Clear and Actionable Guidance
7. Are Customer Focused
At Pivot Point Security, we don't just accept difference - we celebrate it, we support it, and we thrive on it for the benefit of our employees, our clients, and our community. Pivot Point Security is proud to be an equal opportunity workplace.