Security Transformation Consultant
Remote
Blue Mantis
Department: Blue Mantis
Employment Type: Full Time
Location: Remote
Description
The primary responsibility of the Security Transformation Consultant is to deliver Information Security, Compliance and IT Risk Management services and solutions that improve Blue Mantis customers’ security posture and ability to preempt and respond to threats and vulnerabilities. This includes continuous improvement for the confidentiality, integrity and availability of our customers’ technology and data, processes, people and organization and vendors and supply chain. The Security Transformation Consultant will work as part of the Security Practice team to provide leadership assistance and solution architecture in both a pre- and post-sales consultative capacity that includes managed and professional services.
The Security Transformation Consultant will also work in a supporting role and assist with customer escalations. This may include security, IT and risk advisory related services.
Key Responsibilities
- Act as CISO on Demand or virtual CISO for Blue Mantis customers
- Deliver security consulting engagements and assessments for customers following standard methodologies such as NIST 800-53/171/CSF, SANS CIS Top 20, ISO 27001/2, AWS and Azure Well-architected frameworks, etc.
- Build business resilience services including BIA, BCP and DR strategies and planning.
- Provide IT and Security Risk Management services (qualitative and quantitative)
- Assist with development, delivery, and operational support of managed services and managed security services.
- Develop information security plans and policies, customized to client requirements and risk profile.
- Architect and design security solutions for client environments. This may include hands-on configuration support for customer systems and tools.
- Assess IT network and security architectures as they relate to managing identities and access privileges, delegated administration models, workflow, and access control models.
- Assist pre-sales client engagement opportunity initiatives, including the architecture, scoping, and creation of client engagement proposals.
- Consult with customers and provide recommendations on IT solutions to help clients manage information security risk.
- Formulate executive level recommendations related to information security strategy.
- Provide oversight and leadership for other team members during client engagement execution, ensuring timely progress, achievement of objectives, and delivery quality.
- Enhance team competence by answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.
- Track emerging security practices, threats and vulnerabilities and contribute to building internal go-to-market strategy.
- Continue to develop security skills and certifications necessary for the Information Security Consultant role.
- Support and help build / improve customer security and privacy risk, compliance and regulatory program initiatives such as HIPAA/HITRUST, GDPR/CCPA/NYS SHIELD/MA 201CMR 17, PCI, SOC-2, SEC, etc.
- Develop incident response plans, procedures, and advise customers on steps to achieve incident response readiness (logging and monitoring configurations, triage and escalation procedures, wider stakeholder liaison, tabletop exercise, etc.)
- Consult during customer engagements to evaluate the processes, controls, and associated risks with respect to good practices such as ITIL and DevOps and information security.
Skills, Knowledge & Expertise
- 5+ years in an IT Leadership role
- 5+ years in a Security Consulting role
- 5+ years in progressively sophisticated roles in information security consulting, coupled with demonstrable experience in various Cybersecurity domains, including security strategy, security architecture, security consulting and security operations in hybrid computing environments.
- Proven experience conducting assessments following frameworks such as ITIL, NIST CSF, ISO 27000, HIPAA, HITRUST, PCI, and CIS
- Understanding of networking fundamentals is required.
- Cloud security experience in AWS, Azure / Microsoft 365 platforms. Cloud security certification required or within 6 months of hire.
- Experience and background in security operations related to SIEM, SOC, EDR, and MDR solutions and platforms.
- The position requires a strong, diverse technical background and exceptional oral and written communications skills. Experience communicating across all levels of an organization with demonstrated experience communicating at an executive and Board of Directors level.
- The candidate must demonstrate proven success in working in a team as well as independently and exhibit follow-through to understand root causes of issues. A collaborative approach is a must, as well as the ability to effectively communicate with a wide range of technical and non-technical personnel.
- This position requires handling multiple engagements with overlapping deadlines. A demonstrated ability to write clear, coherent, and precise reports on a multiplicity of complex technical issues is essential.
- High-level technical skills supporting IT related projects and customers.
- Experience in process and methodology development including ability to recognize areas for internal improvement and make recommendations for improvement.
- Experience with data privacy laws and regulations including GDPR, CCPA, SHIELD, 201 CMR 17.00, SEC ruling and other
- Must be able to work in a fast-paced environment
Preferred Experience
- Previous experience as a CISO or virtual CISO or CIO
- In depth system knowledge in security related tools necessary for assessments and testing
- Information Security Consultant with relevant security certifications, for example (CISSP, CISA, CISM, GIAC, OSCP, CEH, CNDA, Security+)
- Subject matter expert in AWS and/or Microsoft Azure / Microsoft 365 security
- Excellent written and verbal communication skills
- Experience conducting IT and cybersecurity assessments
- Experience supporting compliance audits and coordinating with auditors
- Experience with Business Impact Analysis and Business Continuity Planning
- Minimum of a 4-year college degree desired; a master’s degree or above in a related field is a plus.
- Must possess or be able to quickly gain a thorough understanding of Blue Mantis service offerings, technical capabilities, and technical direction
- Understanding of Managed Services and MSSP services
- Demonstrated ability to address and resolve escalations
- Demonstrated ability to identify and mitigate risk across projects