Tuesday, September 25, 2018

HOT REQ: Cybersecurity Consultant



Position: Cybersecurity Consultant

Location: Malvern, PA

Duration: 1 Year Plus

 

GENERAL FUNCTION

The Cybersecurity Consultant is responsible for providing technical and operational expertise in information security systems, principles and practices to ensure the protection of information assets.

As a Cybersecurity Consultant, you will help shape security innovation and play a key role in the evolution of the corporation's security architecture and solutions in support of current and new business initiatives. You will work as part of a security team to provide security guidance for new and existing projects and initiatives, with a focus on cloud-based solutions. The ideal candidate will also work to define and implement security solutions to enhance protection of assets. The goal of the position is to contribute to the maturing of the company's infrastructure security architecture and technology frameworks, improving overall enterprise security posture and cultivating a company-wide culture of security awareness. You will advise service owners on security risk management and how to effectively balance security and business requirements, and you will provide expert advice during multiple project phases, communicating security strategy to both technical and non-technical audiences. This position utilizes strong technical knowledge, skills and expertise with a variety of IT and security technologies.

 

DUTIES/RESPONSIBILITIES

Participate in security architecture development utilizing a service (SOA) approach to common security services, with a focus on cloud-based solutions.

Participate in development of security architectural frameworks and reference models that form the basis of security infrastructures and are instrumental in delivering security services.

Design, build and implement enterprise-class security systems and data protection strategies, architectures and implementation plans.

Provide security expertise and direction to the project on security architecture and design, software development, operationalization, maintenance, governance, and risk management.

Responsible for developing technical standards and procedures within a technology or process domain by designing, integrating, and modifying the corporation's management, measurement, and reporting tools for successful implementation of the Information Security Program at the corporation.

Influences internal partners to ensure they build solutions consistent with the organization's policies, programs, architectural recommendations, and information security standards.

Contributes to portfolio design initiatives by implementation and adoption of security related infrastructure/technology associated with networks, internet, messaging, operating systems, firewalls, VPNs, intrusion detection, cryptography, Wi-Fi, cloud and mobile solutions.

Responsible for development, deployment and fine-tuning of security products such as Security Incident and Event Management, Data Loss Prevention, Intrusion Detection & Prevention, Endpoint Security, Email Security, Web Application Firewall, Cloud Access Security Broker, and Application Security.

Supports new projects in formulating security requirements.

Provides recommendations on appropriate security technology and controls for new projects, based on the corporation's security policy and standards.

Proposes new security services to provide consistency and to promote efficiency to meet business requirements.

Represents Information Security in multiple concurrent projects.

Conducts security and risk assessments.

Identifies the risks resulting from the lack of compliance with internal controls and the risks related to the corporation's assets, while ensuring that adequate controls are maintained.

Works collaboratively with internal teams to identify solutions and actions needed as a result of security and risk assessment issues.

Interfaces with technology and business-services vendors, to ensure that the corporation acquires products and services that protect confidentiality, integrity and availability of the corporation's informational assets.

Travel up to 10%

 

EDUCATION

• Bachelor's degree in Computer Science or a related discipline, or equivalent work experience.

• Candidates are preferred to hold or be actively pursuing related security professional certifications such as CISSP, CISM or CISA and TOGAF

 

EXPERIENCE

• Minimum 5 years of experience in handling at least one of the following technologies in an enterprise environment: Encryption, Data Loss Prevention, Security Incident and Event Management, Intrusion Prevention, Endpoint Security, Cloud Access Security Broker, Web Application Firewall, Email Security Gateway, Application Security, Vulnerability Management

• Minimum of 1 year of experience working in financial services, particularly focused on compliance with regulatory requirements.

• Experience working on AWS, Azure or Google Cloud Platform

• Minimum of 1 year of experience related to at least two of the following: risk assessments, security and privacy policy development, data protection or security strategy, general IT, data privacy and security controls development, compliance readiness (i.e. GDPR, NYDFS, PCI, GAPP, SOX, HIPAA, GLBA) or technical security architecture/design

• Experience in writing scripts using Perl/Python

 

SKILLS

• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.

• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.

• Poise and ability to act calmly and competently in high-pressure, high-stress situations.

• Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), and Payment Card Industry/Data Security Standard.

• Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.

• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and NIST.

• High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.

• High degree of initiative, dependability and ability to work with little supervision.

• Passion for delivering the best client experience both internally and externally

• Demonstrated ability to work independently and collaboratively with all levels of staff and management across multiple partner teams (influence-based model)

• Understanding of concepts such as DevOps, Continuous Integration/Delivery, Test Driven Development

• Proven management and leadership skills, coaching and mentoring development teams

• Exemplary collaboration, interpersonal, and presentation skills

• Superior skill and ability in multi-tasking and appropriate prioritization

• Ability to effectively respond to dynamically changing work environment and to positively influence business outcomes

• Working knowledge of delivery methodologies – Lean/Agile, SDLC, SDM etc.

• Intermediate to expert skills with the Microsoft Office suite: Word, Excel, PowerPoint, Visio


Regards

Philip
