Senior Security Consultant
Hours Worked/Employment Category: Full-Time (Minimum 40 hours per week)
What is the general purpose of the position?
This position will focus on validating compliance for clients under PCI DSS, SOC 2, and ISO 27001. As a Senior Security Consultant, you will assist the client’s management team to identify risk, advise clients about data protection strategies and help clients work towards compliance. You will also be in an oversight role of the Security Consultants / Associate Security Consultants and will be the project lead for each of your client assessments.
Work Conditions: This is a hybrid position with the ability to work from home or from the office depending on your preference. You will be required to come into the office periodically based on client projects, to connect with the team, and to ensure on-time delivery to client deadlines. Our business casual office is located in Duluth, GA.
Responsibilities:
- Have a "Client-First" mentality to ensure that we are meeting and exceeding client objectives and providing a one-of-a-kind positive experience for our clients.
- Lead client engagements throughout the full PCI, SOC, and ISO lifecycle (from scoping through fieldwork and reporting)
- Oversee Associate Qualified Security Assessors on a day-to-day basis throughout the client engagement
- Work with at least 3-4 client projects at the same time.
- Assess clients against the applicable PCI, SOC, and ISO controls
- Be the “face” of CompliancePoint in conjunction with the Senior Manager during client projects
- Conduct interviews with client personnel
- Review evidence to validate compliance
- Conduct physical or remote assessments
- Complete sample testing, workpapers, and reports in conjunction with the AQSA(s)
- Be available and responsive during business hours for clients and the team internally
- Provide guidance and consultation to clients to facilitate adherence with the standards
- Provide mentorship and guidance to junior team members
- Maintain a minimum of 75-85% client chargeable utilization (at least 30-34 hours of billable time) throughout each week (with total time for the week still being a minimum of 40 hours).
- Develop strong technical skills through client engagements and outside trainings and research.
- Research changing regulatory issues and compliance changes within the industries that our clients are in.
- Conduct and write up consultative deliverables with attention to detail and accuracy, on-time completion, and strong quality.
- Work on multiple client projects at-a-time, while prioritizing appropriately based on deliverables and timelines.
- Focus on client needs and goals, promptly responding to questions with consultative support and recommendations.
- Develop and present on various compliance topics to peers and clients.
- Develop professional relationships with clients to maintain a high degree of trust and brand awareness.
- Maintain a positive and professional attitude with clients (externally) and with the team (internally)
Educational Requirements: At least a Bachelor’s Degree in Management Information Systems, Computer Science or Information Security, or similar. (Emphasis on security principles or compliance or cybersecurity is a plus)
Experience and Skill Requirements:
- Minimum of three (3) years of client-facing experience conducting PCI, SOC, and/or ISO audits
- Minimum five (5) years of experience auditing information security controls/frameworks and evaluating business processes
- In-depth knowledge of current PCI DSS v4.0 requirements, SOC 2 controls, and ISO 27001:2022 standards
- Must currently hold an active Qualified Security Assessor (QSA) certification

  OR

- Must currently hold one (1) of the following Information Security certifications (for QSA eligibility):
  - Certified Information System Security Professional (CISSP)
  - Certified Information Security Manager (CISM)
  - Certified ISO 27001 Lead Implementer 1
  - Registered Information Security Specialist (RISS)

  AND

- Must currently hold one (1) of the following Audit certifications (for QSA eligibility):
  - Certified Information Systems Auditor (CISA)
  - Systems and Network Auditor (GSNA)
  - Certified ISO 27001, Lead Auditor, Internal Auditor 1
  - ISMS Auditor or higher (e.g., Auditor/Lead Auditor, Principal Auditor)
  - Certified Internal Auditor (CIA)
- Project management experience
- Outstanding interpersonal skills with customers/clients
- Strong work ethic and self-motivation
- Great presence and social skills in front of customers
- Excellent oral and written communication skills
- Ability to work in a team environment effectively and efficiently
- Be a team player and come to work each day with a positive attitude and a willingness to learn
- Responsive in emails and instant messages
- Strong understanding of networking technologies and cybersecurity concepts.
- Proficiency in Microsoft Products (Excel, Word, PowerPoint, Outlook).
- Follow direction and deliver timely on critical project milestones.
- Conduct yourself with professionalism in all interactions with clients/customers and the team.
- Willingness to strive for continuous improvement and take on additional responsibility to help out the team when needed.
- Bring a positive “can do” attitude to our team!
- New ideas are always encouraged and embraced!
- Willing to travel at least 20-30%
A Different Kind of Consulting & Audit Company
The difference is simple — we understand the importance of compliance and risk mitigation at a procedural level. That comes from our history of successful consulting and audit engagements, including those for many Fortune 500 firms and global industry leaders.
But more importantly, we understand the impact non-compliance and risk exposure can have on businesses.
We collaborate with companies to design and implement strategies, processes, and procedures that help mitigate risk, reach compliance goals, protect data assets, and meet industry standards.
Our Mission:
“Enable responsible customer interaction”
Our Vision:
“Deliver world class services and technology helping customers manage risk within privacy, information security, and their vendor network”