Under the general supervision of the Information Security Assurance Manager, the Senior Information Risk Consultant (Cybersecurity Assurance) will provide expertise in defining, designing, engineering, and validating security configurations for technology platforms both in the cloud and on-premise. The role will involve close collaboration with internal and external stakeholders to address both current and emergent business needs while safeguarding the integrity and security of information, applications, systems, and infrastructure.
Key Responsibilities
- Cybersecurity Assurance Expertise: Lead initiatives providing cybersecurity assurance across a broad range of IT projects. Guide and validate security control standards and technology-specific configuration baselines for both cloud and on-premise technology platforms.
- Impartial Reporting: Produce unbiased security risk reports and audits, ensuring comprehensive security solutions.
- Quality Assurance: Conduct reviews of security requirements and audit recommendations for implementation.
- Stakeholder Communication: Educate and effectively communicate security design, technical configurations, and lifecycle management to stakeholders.
- Collaboration: Work with IT project teams to create implementation plans for new security products and services.
- Advocate for Information Security: Proactively collaborate with service providers and business units to ensure robust security solutions while identifying opportunities for improvement.
- Audit and Compliance: Monitor and assess compliance with security standards and audit recommendations.
- Additional Responsibilities:
  - Support maintaining ISO 27001 certification by promoting self-compliance with policies among IT staff.
  - Stay current with international information security regulations and standards such as ISO 27001/27002.
  - Recommend and implement process improvements within the context of information security.
Experience Required
- Proven experience in technical security assurance/engineering, particularly within regulated industries.
- Extensive experience working with a broad range of Azure services.
- Advanced knowledge of:
  - Azure Cloud, Microsoft 365 security controls, and future roadmaps.
  - Microsoft Entra, Azure Key Vault, Microsoft Defender for Cloud, Azure Monitor, and Azure Network Security.
  - Security configurations for Microsoft Purview and other Azure-based tools.
- Demonstrated expertise in securing infrastructure, applications, and databases.
- Hands-on experience with security configuration for both cloud and non-cloud platforms.
- Consulting experience in security hardening for applications and infrastructure.
- Ability to balance security requirements with business realities and quickly adapt to new technologies.
- Knowledge of emerging security threats and countermeasures.
Required Soft Skills
- Analytical Thinking: Ability to synthesize information from multiple sources and develop strategic solutions.
- Communication: Strong verbal and written communication skills, capable of conveying complex technical concepts to non-technical stakeholders.
- Creative Problem-Solving: Ability to think laterally and develop complex solutions for technical issues.
- Interpersonal Skills: Cultivate trust and openness with colleagues and stakeholders.
- Pressure Handling: Strong time management and ability to meet tight deadlines while maintaining quality and focus.
- Organization and Responsiveness: Ability to handle multiple tasks simultaneously and drive results.
- Collaboration: Excellent relationship management and the ability to work effectively in teams.
- Conflict Resolution: Strong facilitation skills to manage conflict and ensure smooth working relationships.
Education
Graduation Year: 2015 or earlier
- Bachelor’s Degree in Information Security, Computer Science, Engineering, Mathematics, Business, or related field plus a minimum of 12 years of relevant experience in regulated industries as an information risk manager or IT security architect.
- OR
- Advanced Degree in Information Security, Computer Science, Engineering, Mathematics, Business, or related field with a minimum of 6 years of relevant experience in the same role.
Certifications
- Minimum Required: CISSP or CISM
- Preferred Certifications:
  - CCSP
  - Microsoft Certified: Cybersecurity Architect Expert
  - Microsoft Certified: Azure Solutions Architect Expert