Security Transformation Consultant

Remote

Blue Mantis


Department: Blue Mantis

Employment Type: Full Time

Location: Remote

Description

The primary responsibility of the Security Transformation Consultant is to deliver Information Security, Compliance and IT Risk Management services and solutions that improve Blue Mantis customers’ security posture and ability to preempt and respond to threats and vulnerabilities. This includes continuous improvement of the confidentiality, integrity and availability of our customers’ technology and data, processes, people and organization, and vendors and supply chain.
The Security Transformation Consultant will work as part of the Security Practice team to provide leadership assistance and solution architecture in both a pre- and post-sales consultative capacity that includes managed and professional services. 

The Security Transformation Consultant will also work in a supporting role and assist with customer escalations. This may include security, IT and risk advisory related services.


Key Responsibilities

  • Act as CISO on Demand or virtual CISO for Blue Mantis customers
  • Deliver security consulting engagements and assessments for customers following standard methodologies such as NIST 800-53/171/CSF, SANS CIS Top 20, ISO 27001/2, AWS and Azure Well-architected frameworks, etc.
  • Build business resilience services including BIA, BCP and DR strategies and planning.
  • Provide IT and Security Risk Management services (qualitative and quantitative) 
  • Assist with development, delivery, and operational support of managed services and managed security services.  
  • Develop information security plans and policies, customized to client requirements and risk profile.
  • Architect and design security solutions for client environments. This may include hands-on configuration support for customer systems and tools.
  • Assess IT network and security architectures as they relate to managing identities and access privileges, delegated administration models, workflow, and access control models.
  • Assist pre-sales client engagement opportunity initiatives, including the architecture, scoping, and creation of client engagement proposals. 
  • Consult with customers and provide recommendations on IT solutions to help clients manage information security risk.
  • Formulate executive level recommendations related to information security strategy.
  • Provide oversight and leadership for other team members during client engagement execution, ensuring timely progress, achievement of objectives, and delivery quality.
  • Enhance team competence by answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.
  • Track emerging security practices, threats and vulnerabilities and contribute to building internal go-to-market strategy.
  • Continue to develop security skills and certifications necessary for the Information Security Consultant role.

Additional Responsibilities

  • Support and help build / improve customer security and privacy risk, compliance and regulatory program initiatives such as HIPAA/HITRUST, GDPR/CCPA/NYS SHIELD/MA 201CMR 17, PCI, SOC-2, SEC, etc.
  • Develop incident response plans, procedures, and advise customers on steps to achieve incident response readiness (logging and monitoring configurations, triage and escalation procedures, wider stakeholder liaison, tabletop exercise, etc.)
  • Consult during customer engagements to evaluate the processes, controls, and associated risks with respect to good practices such as ITIL and DevOps and information security.

Blue Mantis does not accept unsolicited agency resumes and asks that you do not forward resumes to Blue Mantis employees, any physical Blue Mantis location, or any Blue Mantis email address. We take no responsibility for any fees related to unsolicited resumes. This also applies to reaching out directly to Blue Mantis Employees & Blue Mantis Managers or Blue Mantis executives.

Skills, Knowledge & Expertise

  • 5+ years in an IT leadership role
  • 5+ years in a Security Consulting role
  • 5+ years in progressively sophisticated roles in information security consulting, coupled with demonstrable experience in various Cybersecurity domains, including security strategy, security architecture, security consulting and security operations in hybrid computing environments.
  • Proven experience conducting assessments following frameworks such as ITIL, NIST CSF, ISO 27000, HIPAA, HITRUST, PCI, and CIS
  • Understanding of networking fundamentals is required.
  • Cloud security experience in AWS, Azure / Microsoft 365 platforms.  Cloud security certification required or within 6 months of hire.
  • Experience and background in security operations related to SIEM, SOC, EDR, and MDR solutions and platforms.
  • The position requires a strong, diverse technical background and exceptional oral and written communications skills. Experience communicating across all levels of an organization with demonstrated experience communicating at an executive and Board of Directors level.
  • The candidate must demonstrate proven success in working in a team as well as independently and exhibit follow-through to understand root causes of issues. A collaborative approach is a must, as well as the ability to effectively communicate with a wide range of technical and non-technical personnel.
  • This position requires handling multiple engagements with overlapping deadlines. A demonstrated ability to write clear, coherent, and precise reports on a multiplicity of complex technical issues is essential.
  • High-level technical skills supporting IT related projects and customers.
  • Experience in process and methodology development including ability to recognize areas for internal improvement and make recommendations for improvement.
  • Experience with data privacy laws and regulations including GDPR, CCPA, SHIELD, 201 CMR 17.00, SEC ruling and others
  • Must be able to work in a fast-paced environment

Preferred Experience 
  • Previous experience as a CISO or virtual CISO or CIO
  • In depth system knowledge in security related tools necessary for assessments and testing
  • Information Security Consultant with relevant security certifications, for example (CISSP, CISA, CISM, GIAC, OSCP, CEH, CNDA, Security+) 
  • Subject matter expert in AWS and/or Microsoft Azure / Microsoft 365 security
  • Excellent written and verbal communication skills
  • Experience conducting IT and cybersecurity assessments
  • Experience supporting compliance audits and coordinating with auditors
  • Experience with Business Impact Analysis and Business Continuity Planning
  • Minimum of a 4-year college degree desired; a master’s degree or above in a related field is a plus.
  • Must possess or be able to quickly gain a thorough understanding of Blue Mantis service offerings, technical capabilities, and technical direction
  • Understanding of Managed Services and MSSP services
  • Demonstrated ability to address and resolve escalations
  • Demonstrated ability to identify and mitigate risk across projects

Tags: Audits AWS Azure CCPA CEH CISA CISM CISO CISSP Cloud Compliance DevOps EDR GDPR GIAC HIPAA HITRUST Incident response ISO 27000 ISO 27001 ITIL Monitoring NIST NIST 800-53 OSCP Privacy Risk management SANS Security strategy SIEM SOC Strategy Teaching Vulnerabilities

Region: Remote/Anywhere
Category: Consulting Jobs
