REMOTE-Information Security Consultant (GRC/Audit/ISO 27001)
Remote - Hamilton Township, New Jersey, United States
Applications have closed
Pivot Point Security
Are you an experienced lead information security auditor/implementer? Have you authored policies? Have you worked as a consultant before?
If you also thrive in a dynamic environment, like challenges and believe work and fun are not mutually exclusive, then maybe you are the one we’re looking for. We need team players who are smart and creative, who love IT assurance and who want to grow with a growing company: who are as comfortable talking with senior management about Information Security Management Systems and attestation strategies as they are with a developer or sysadmin about TLSv1.2.
We are looking for the “right” person with ISO 27001 experience to join our team as a GRC (Governance, Risk Management and Compliance) Consultant to work in a collaborative fashion with our clients to help them manage Information Security & compliance risk as well as prove the same to management and customers. While we may consider other types of implementer/auditor experience, our primary preference for this role is those who have led ISO 27001 implementations and audits. Experience with Privacy (ISO 27701/GDPR/CCPA) and/or SOC 2 Type 1 and Type 2 are a plus. In this role, you will spend 10 - 35% of your time at client sites (post Covid, of course!) and the rest of your time working from wherever you work most effectively.
Requirements
We expect this person will:
- Track and ensure adequate and timely resolution to all audit and risk assessment findings or issues relating to information security, and never miss a deadline.
- Effectively and appropriately communicate audit engagement reports and recommendations to client management and resolve any client concerns or questions.
- Meet/exceed defined contribution goals for services you will deliver.
- Achieve target Net Promoter Scores for your service by managing client relationships.
- Ensure 100% certification success rate on ISMS projects.
- Earn and gain the trust and respect of the PPS team.
- Grow into a role with increasing responsibility.
The right person HAS the following characteristics (these are “non-negotiable”):
- Personal integrity, a highly transparent nature, and a mind-set of “mutual benefit”.
- Thrives on and is worthy of self-managing the projects they are responsible for (micro-management is a four-letter word at PPS).
- Has very high “Self-Expectation” (self-motivated, self-aware, self-disciplined, self-improving, and self-governed). You hold yourself to a higher standard than others do.
- Enjoys work and life, values a balance, and is looking for a company that shares those ideals (understands that you do not get a second chance to see your child’s first school play and that it does not matter if the report gets done at 3:00 PM or 10:00 PM, if it gets done).
- Highly consultative and collaborative nature; someone who enjoys helping others achieve ambitious business and information assurance goals.
- Effectively and proactively communicates in writing/speech both internally/externally from the server room to the board room.
- The ability to “work from anywhere” as this role is remote/virtual in nature.
- A good sense of humor and the ability to laugh at themselves.
- Significant experience leading information security engagements, with a preference for ISO 27001 and Privacy implementations and audits.
- Solid knowledge of ISO 27701/CCPA/GDPR Privacy frameworks.
The right person usually has the following experience (these are somewhat negotiable):
- Experience leading, or knowledge of, implementations.
- Experience authoring policies and procedures
- Significant experience working as a consultant working in a consulting firm managing multiple client projects.
- Significant knowledge of ISO 27001/2 and its derivatives (e.g., HITRUST, Shared Assessment) as much of our consulting and collaboration is around an ISO 27001 Information Security Management System.
- Knowledge of the NIST 800-171/FISMA/CMMC framework and its derivatives (e.g., FedRAMP, CMS Information Security Program), as many of our clients serve government customers.
- Experience with ISO 22301 and Business Continuity.
- Enough Information Technology and Information Security experience to contextualize and make their recommendations relevant and valuable.
- Experience and knowledge of Governance, Risk Management and Compliance.
- A desire to take on roles of increasing responsibility including defining services, managing teams and coordinating resources.
The right person often has the following attributes (these are negotiable):
- Experience with the myriad of regulatory compliance frameworks our client base is subject to (e.g., HIPAA, PII, PCI-DSS, SOX, STARS, NERC-CIP).
- Prior experience developing services for delivery and managing a team.
- Certifications that demonstrate to our clients our commitment to excellence in our craft (e.g., ISO 27001 Lead Implementer, CISA, CISSP, ISO 27001 Lead Auditor, CCSA, MCSE, CEH, OSCP).
- Familiarity with related standards (e.g., SSAE-16 SOC1, SOC2, ISO-22301, ISO-9001).
Benefits
About Pivot Point Security
We’re a small, but growing, company. So, we do our best to keep the right people at PPS (most of our team has been together for 6+ years) by aspiring to:
- A high-performance work environment with extremely passionate, driven and experienced technical professionals. At Pivot Point Security, you will find colleagues you can respect and learn from.
- A management system where all employees participate in establishing the company’s goals/initiatives and have ready visibility into the company’s performance. We’re working hard to create processes and metrics to measure our (and your) success.
- An environment where relationships are important, internally and externally. We provide the highest levels of customer service and strive to always exceed our clients’ expectations.
- A competitive salary (more than most) with a F100 level benefits package (e.g., medical, dental, vision, HCFSA, 401K w/ company match, 529 College Savings, vacation and personal days).
- Providing individuals the opportunity to develop by giving them the resources required, surrounding them with great colleagues, and allowing them to take on new/big challenges.
As a Company, We:
1. Tell the Truth (Honesty is almost always the best policy)
2. Do the Right Thing (Keep commitments, over-communicate, be transparent, confident, worthy of/thrive on freedom)
3. Smile (Life is too short not to … likeability is nearly as important as competence)
4. Seek “Win-Win” (Think cooperative, not competitive - seek mutual benefit in all interactions)
5. Provide Clear and Actionable Guidance
6. Simplify
7. Are Customer Focused
At Pivot Point Security, we don’t just accept difference — we celebrate it, we support it, and we thrive on it for the benefit of our employees, our clients, and our community. Pivot Point Security is proud to be an equal opportunity workplace.
Tags: Audits CCPA CEH CISA CISSP CMMC Compliance FISMA GDPR Governance HIPAA HITRUST ISMS ISO 22301 ISO 27001 NIST OSCP Privacy Risk assessment Risk management SOC 1 SOC 2
Perks/benefits: 401(k) matching Career development Competitive pay Equity Health care