Principal Security Consultant | GRC (Remote)

Houston, TX

Applications have closed

Trace3

Trace3 is an elite technology consultancy that provides IT strategy, solutions, and services to the world’s most admired companies.

Who is Trace3?

Trace3 is a leading Transformative IT Authority, providing unique technology solutions and consulting services to our clients. Equipped with elite engineering and dynamic innovation, we empower IT executives and their organizations to achieve competitive advantage through a process of Integrate, Automate, Innovate.

Our culture at Trace3 embodies the spirit of a startup with the advantage of a scalable business. Employees can grow their career and have fun while doing it!

Trace3 is headquartered in Irvine, California. We employ more than 1,000 people all over the United States. Our major field office locations include Atlanta, Denver, Detroit, Indianapolis, Grand Rapids, Lexington, Los Angeles, Louisville, San Diego, San Francisco, and Scottsdale.  

Ready to discover the possibilities that live in technology?

 

Come Join Us!

Street-Smart - Thriving in Dynamic Times

We are flexible and resilient in a fast-changing environment. We continuously innovate and drive constructive change while keeping a focus on the “big picture.” We exercise sound business judgment in making high-quality decisions in a timely and cost-effective manner. We are highly creative and can dig deep within ourselves to find positive solutions to different problems.

Juice - The “Stuff” it takes to be a Needle Mover

We get things done and drive results. We lead without a title, empowering others through a can-do attitude. We look forward to the goal, mentally mapping out every checkpoint on the pathway to success, and visualizing what the final destination looks and feels like.

Teamwork - Humble, Hungry and Smart

We are humble individuals who understand how our job impacts the company's mission. We treat others with respect, admit mistakes, give credit where it’s due and demonstrate transparency. We “bring the weather” by exhibiting positive leadership and solution-focused thinking. We hug people in their trials, struggles, and failures – not just their success. We appreciate the individuality of the people around us.

About the Role:

The Principal Security Consultant will provide education and thought leadership on the implementation of information security frameworks to guide investments in IT security programs for Trace3 clients. This role will have intimate knowledge of best practices for security controls (people, process, and technology) across all cybersecurity domains common to an enterprise IT security program. This role will be able to lead and contribute to information security workshops, discovery assessments, security maturity modeling projects (including target and current state definitions), target state roadmaps/implementation planning, and development of security policies, procedures, standards, and guidelines. The GRC Principal Consultant will demonstrate the ability to align information security with client business goals using a risk-based approach in the core areas of IT security including Identity and Access Management, Data Security, Applications Security, Network Security and Engineering, Security Program Strategy (including security frameworks) and Operations. A key function of this role will be building deep relationships, gaining trust, and enabling client success.

What You’ll Do:

  • Implement industry security frameworks (e.g., NIST, CSF) and translate these into tailored, prescriptive control environments to guide security program investments in people, process, and technology
  • Assess and develop security program policies, procedures, standards, and guidelines which are aligned to industry best practice and account for applicable compliance/regulatory requirements
  • Develop security program strategies and recommendations along with affiliated roadmaps and project plans – this may involve facilitating and delivering security program workshops and discovery sessions to assist clients with defining an overarching strategy for their security program
  • Perform IT/IS control and risk assessments and provide recommendations across people, process, and technology to fill noted gaps
  • Develop deliverables and presentations for client leadership (up to C-suite) which could include requirements documentation, gap analysis, program maturity models, short/long term program roadmaps and security tool rationalization outputs
  • Lead large security initiatives in complex IT and business environments
  • Capture detailed meeting notes and workshop findings/take-aways
  • Perform maturity modeling and analysis to identify, analyze, and resolve business problems
  • Establish strong and lasting relationships with key stakeholders and decision makers in client organizations
  • Develop education and mentoring opportunities for more junior consultants
  • Coordinate with more senior consultants to ensure all deliverables are well drafted and in line with Trace3 and client expectations

Qualifications & Interests:

  • Bachelor’s degree from an accredited university required
  • Minimum of 6-8 years’ security consultant/analysis experience required
  • Minimum of 6-8 years’ enterprise security experience required
  • CISSP, CISA, CISM, CIPP or equivalent security or privacy certification strongly desired
  • Strong expertise assessing the maturity of IT security programs and capabilities to identify a security program’s current state and establish a roadmap for achieving a defined target state which accounts for noted capability gaps and affiliated risks
  • Strong expertise assessing and developing IS policies, procedures, standards, and guidelines
  • Extensive knowledge in industry security and risk management frameworks/guidance (e.g., NIST CSF, ISO 27001, ISO 27005, NIST Risk Management Framework, etc.) and extensive experience implementing or assessing against them
  • Experience performing IT/IS risk, privacy, and control assessments based on leading practice and regulatory requirements (e.g., PCI, SOC2, GDPR, HIPAA)
  • Working knowledge of both industry best practice and regulatory/compliance landscape across common cybersecurity domains
  • Motivated self-starter who loves to solve challenging problems and feels comfortable working directly with customers
  • Excellent oral and written communication and presentation skills, with an ability to present client security sessions and security workshops to C-level executives and non-technical audiences; advanced PowerPoint presentation skills strongly desired
  • Highly organized, detail-oriented, excellent time management skills, and able to effectively prioritize tasks in a fast-paced, high-volume, and evolving work environment
  • Ability to approach customer and sales requests in a proactive and consultative manner; listen to and understand user requests and needs and deliver effectively
  • Comfortable managing multiple and changing priorities, and meeting deadlines in an entrepreneurial environment
  • Ability to travel when needed

The Perks:

  • Comprehensive medical, dental and vision plans for you and your dependents
  • 401(k) Retirement Plan with Employer Match, 529 College Savings Plan, Health Savings Account, Life Insurance, and Long-Term Disability
  • Competitive Compensation
  • Total Wellness Program
  • Training and development programs
  • Stocked kitchen with snacks and beverages
  • Collaborative and cool office culture
  • Work-life balance and generous paid time off

***To all recruitment agencies: Trace3 does not accept unsolicited agency resumes/CVs. Please do not forward resumes/CVs to our careers email addresses, Trace3 employees or any other company location. Trace3 is not responsible for any fees related to unsolicited resumes/CVs.

Tags: C CIPP CISA CISM CISSP Compliance GDPR HIPAA IAM ISO 27001 ISO 27005 Network security NIST Privacy Risk assessment Risk management SOC 2 Strategy Travel

Perks/benefits: 401(k) matching Career development Competitive pay Flex hours Flex vacation Health care Insurance Snacks / Drinks Startup environment Wellness

Regions: Remote/Anywhere North America
Country: United States
Category: Consulting Jobs