HBR Consulting LLC

  • Senior Security Consultant

    Posted Date 3 months ago (6/1/2018 12:44 PM)
    Job ID
    2018-1198
    # of Openings
    1
    Location
    US-OH-Dayton
    Practice Group
    Managed Technology Services
  • Overview

    The role will analyze risks and help operate the managed services security program for clients. The position requires strong technical skills, allowing for execution of security processes with minimal guidance and helping to achieve operational efficiencies therein. This individual will assist with reviewing existing tools, applications and processes to help strengthen and optimize current capabilities, as well as identifying any gaps or technical solutions to further enhance the team’s effectiveness.

    Responsibilities

    • Assist in implementing security programs in support of clients: execute project deliverables as assigned.
    • Collaborate on practical security solutions to address emerging threats and compliance requirements, including designing, implementing and operationalizing recommended solutions.
    • Compliance and governance: help achieve/advise on compliance, identify compliance initiatives, and assist in authoring and promoting appropriate security policies.
    • Lead implementation of MSSP services: analyze and review security events for anomalous activity, and collaborate with respective peer groups to take appropriate action to safeguard company and client information assets against current and foreseen threats.
    • Manage security-specific tools (SIEM, VM tools, etc.) and work with different vendors to manage outcomes.
    • Perform assessments; identify security threats and vulnerabilities across the client environments; implement controls; provide reporting and analysis to appropriate teams.
    • Communicate to affected stakeholders including departments within the company; develop program procedures including guidelines and flow diagrams to be implemented on an ongoing basis; and develop tools or metrics that allow for the measurement of successful program implementation.
    • Communication and outreach: maintain communication with peers throughout the organization and security contacts including business units and client locations; assist in identifying appropriate communication methods; deliver solutions to help raise security awareness; and develop and disseminate information regarding security controls and newly identified risks.
    • Empower the staff to be accountable and responsible for their own actions and decisions as the control owners.
    • Remain current on industry standards for security in a technology environment.
    • All other duties as assigned

    Qualifications

    • 5+ years of IT security experience
    • BS Engineering/Computer Science or equivalent experience required
    • Licensing/certification desired (at least one of the following): CISSP, CISM, SANS, GIAC (or related), ethical hacking/penetration tester certification, and/or security risk assessment certification
    • Experience working in or knowledge of SOC 2 Type II and ISO 27001 environments

    Technical Skills:

    • Proven ability to monitor security systems for threats; ability to conduct vulnerability assessments, threat analysis, and reporting.
    • Ability to analyze security events for anomalous activity; ability to identify emerging security threats.
    • Strong organization/project planning, time management, and change management skills across multiple functional groups and departments, and strong delegation skills involving prioritizing and reprioritizing projects and managing projects of various size and complexity.
    • Strong understanding of compliance and governance initiatives.
    • Understanding and promotion of security policies.
    • Implementation of security programs.
    • Strong communication (verbal and written) and customer service skills. Strong interpersonal, communication, and presentation skills applicable to a wide audience including senior and executive management, customers, etc., including diction/terminology and presenting information in a concise and effective manner to clients, management, and various departments using assorted communication mediums.
    • Problem-solving skills.
    • Knowledge of security environments.
    • Understanding of industry standards such as ISO 27001, HIPAA/HITECH, SOC 2 and NIST CSF.
