Job Type

Full Time

View All Jobs

HITRUST Consultant

Summary

The HITRUST Common Security Framework, “HITRUST CSF”, is a risk based, prescriptive security and privacy framework that streamlines compliance of multiple regulations, risk factors, and standards. The HITRUST Assessor will work closely with clients and other team members, under the direction of an Executive Sponsor, to guide customers through the process of HITRUST Readiness and Validated Assessment to submit to the HITRUST Alliance for Certification.

A good candidate for this position is individuals looking to apply information security and privacy focused frameworks and methodologies to expand their knowledge and skills in diverse and complex data privacy regulations on a global basis. Secondarily this role will provide guidance in implementation of various frameworks for security and privacy.

Role Responsibilities

  • Work closely with clients to understand systems and business functions in order to determine the scope of their HITRUST assessments
  • Review and evaluate an organization’s information security posture for compliance with the HITRUST CSF and other relevant frameworks
  • Develop a GAP assessment with prioritized remediations
  • Assist organizations with the implementation of a remediation plan to strengthen information security posture
  • Research and understand Security and Privacy matters
  • Communicate IT, Security, and Privacy concepts to an organization as it relates to the inscope environment
  • Develop and execute test plans to validate an organization’s compliance with the HITRUST CSF for certification submission

Qualifications and Requirements

  • BA/BS in information technology, business administration, or related field preferred
  • 5+ years in a security/privacy consulting position
  • High attention to detail with a focus on persistent and timely follow-up
  • Certifications in HIPAA (HCISPP) and or HITRUST (CCSFP, CHQP) is a plus
  • Certifications in Security and/or Privacy Technology (CISSP, CIPP) is a plus
  • Prior Big 4 consulting experience is a significant plus
  • *Post COVID-19 – this position may include travel up to 25%

Employee Perks

  • Medical, vision, and disability insurance program
  • Employer-funded life insurance for all employees
  • Unlimited vacation policy with a requirement to take at least two weeks
  • Encourage and compensate for advanced training, certifications, and industry events
  • Have a voice and be heard with the opportunity to make a positive difference

Cyber OT Engineer

Responsibilities:
Overall responsibility will be to handle the security architecture, design, and improvements of our manufacturing locations along with corporate environments by coordinating effective information security practices and providing a safe working environment for employees and third parties.
•    Implement strategies to identify, assess, prevent, protect, and mitigate information security risks, threats, and vulnerabilities to safeguard people, assets, products, and property.
•    Develop and implement measures, tools, and technology to monitor compliance with company security policies and procedures, laws and regulations.
•    Monitor and stay up to date with security-related proven practices and technology.
•    Assess, identify, and develop security solutions for OT environments as it pertains to our global manufacturing environment.  Assessments include security frameworks, existing security measures and alignment with best practices.
•    In addition, you’ll have the opportunity perform testing against ICS/OT devices, networks and security control mechanisms.
•    Review current system security measures and recommend and implement enhancements
•    Conducting regular system tests and ensuring continuous monitoring of network security
•    Developing project timelines for ongoing system upgrades

Job Requirements

What We are Looking for:

An enthusiastic candidate who has an interest in technology, in combination with having knowledge of IT and OT operations in a manufacturing environment. Importantly, you should also have experience of reviewing cyber security policies, control implementation, mitigation strategies, or cyber security threat analysis.

•    Bachelor’s Degree in Information Systems, Computer Science, Engineering, or other related fields required
•    Active security certifications preferred:  CISM, CISSP, CCNA, CCNP or other similar certifications
•    Operational, technical, or product management experience in one or more of the following key disciplines: SIEM, Data Protection, Network Security, End Point Security, Forensics, Fraud, or Threat Intelligence
•    Knowledge of or work experience in implementing projects that follow an Information Security framework such as NIST Cyber Security Framework, ISO 27001, 27002.
•    Working knowledge of MITRE ATT&CK, or Lockheed Kill Chain methodology
•    Knowledge of Security Standards and how they may apply to IT and OT environments
•    Experience managing project delivery of cybersecurity projects
•    Basic working knowledge / experience working with Security Information Event Management (SIEM), Continuous Monitoring, Intrusion Detection/Prevention Systems (IDPS/PS), Network, Incident Response, Endpoint Security Systems, Threat Modeling, Firewalls, Segmentation, MFA, IDS, IPS, etc.

Core Competencies:
•    Natural passion for security and strong drive to see both projects and investigations to completion
•    Proven leadership skills including effective oral and written communication, performance management, issue resolution, negotiation, motivating and influencing team members, forecasting, and planning
•    Excellent verbal, written, and presentation skills
•    High level of personal integrity, and the ability to professionally handle confidential matters
•    Have strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level
•    Functional technical knowledge of infrastructure, networking, architecture, security, and applications
•    Understanding of budget operations, cycles, processes
•    Meet project implementation targets
•    Highly organized and task oriented.
•    Advanced problem solving and troubleshooting skills.
•    Ability to prioritize and assign tasks.

Managing Security Consultant (Offensive Security)

The Managing Consultant is primarily responsible for managing a team of offensive security consultants and ensuring that the quality of work performed aligns with our standards and client expectations. Secondarily, the Managing Consultant will also execute and deliver client engagements, including penetration tests, threat and vulnerability assessments, purple team engagements, ransomware exposure assessments, and custom assessments designed to meet our clients’ needs. The following high-level goals and objectives are expected to be met by the Managing Consultant.

  • Engaged and High Performing Teams

The Managing Consultant plays a critical role in setting the strategy for the offensive security work we perform, staffing the team with the top-tier talent, and creating an environment where consultants can thrive personally and professionally.

  • Strategic Planning

Aligning capabilities with client needs and maximizing quality and efficiency is imperative in consulting. The Managing Consultant will continually evaluate how we deliver our consulting engagements, including methodology and technology enablement, to ensure we achieve these objectives. Strategically, the Managing Consultant will be instrumental in helping anticipate client needs and establishing those capabilities on the team.

  • Excellence in Project Delivery and Client Relationships
    All Security services are designed to forge a trusted partnership with our clients. This comes from ensuring that all security services are delivered with excellence and are executed in a timely manner. Regular communication with clients and the Security Advisory Services team is equally important to ensure that expectations are being met.
  • Technical Expertise in Delivered Services
    The Managing Consultant is expected to demonstrate technical expertise when delivering our services. Gaps in technical proficiency should be communicated prior to project execution to ensure clients receive expected value. Identified gaps will be used to guide training objectives
  • Ownership of Unique or Complex Projects
    We offers a wide breadth of service offerings that range from shorter term assessments to more involved, custom security services. The Managing Consultant may be responsible for taking ownership of these projects and client relationships to ensure that unique or complex projects are delivered successfully.

 

Required Skills

Required Skills

  • Prior experience as Lead/Managing Consultant or equivalent corporate experience, such as Manager of Red Team Operations with a record for overseeing offensive security projects such as:
  • Threat and Vulnerability Assessments
  • Penetration Testing
  • Web Application Security Assessments
  • Social Engineering
  • Cloud
  • Wireless
  • Proven ability to build and manage high performing teams; and who is adept at communicating clearly, listening, giving feedback, prioritizing, and cultivating skills with individual staff.
  • Expert knowledge of offensive security testing, exploitation, and remediation across a range of infrastructure technologies and applications
  • Working knowledge of network and systems architecture
  • Network segmentation
  • Intrusion Detection Systems
  • Web application architecture
  • Active Directory
  • Cloud
  • Advanced understanding of how major application layer protocols function (e.g., HTTP, SMTP, DNS, Kerberos)
  • Advanced knowledge of categories of malware and how they function (e.g., rootkits, trojans, adware, ransomware)
  • Advanced knowledge related to vulnerabilities and attack vectors such as:
  • SQL Injection
  • Brute force attacks
  • Active Directory exploitation
  • Malware infection vectors
  • Phishing attacks
  • Drive-by/Redirection attacks
  • Experience performing security assessments on multiple operating systems (Windows, Linux, Unix, OSX)

Experience, Education, and Certifications

  • Minimum of 10 years’ experience working in security consulting or equivalent internal roles
  • Minimum of two years’ experience successfully mentoring/managing staff
  • Bachelor’s degree or equivalent experience
  • Offensive security certification(s) expected for this role (e.g., OSCP or similar)

Data Protection and Privacy Manager

Essential Duties and Responsibilities

  • Adhere to the highest degree of professional standards and strict client confidentiality.
  • Ability to manage multiple engagements and competing priorities in a rapidly growing, fast-paced, interactive, results-based team environment.
  • Ability to communicate in an organized and knowledgeable manner in written and verbal means – including delivering clear requests for information, developing responses to client requests, and communicating conflicts and risks.
  • Deep understanding of global privacy and data protection regulations, such as EU’s GDPR and US laws such as CCPA, CPRA, CDPA, CPA, HIPAA, GLBA.
  • Apply current knowledge of privacy and data protection trends and to issues and other opportunities for improvement.
  • Assist clients in planning and executing remediation plans identified in assessment activities.
  • Proactively interact with key client management to gather information, resolve problems and make recommendations for improvements.
  • Collaborate with team members at all levels in the development and marketing of the privacy service offering.
  • Develop high quality deliverables through collaboration with clients and team members to address needs and demonstrate an understanding of clients’ business.
  • Additional duties as assigned.

Qualifications 

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science or a related field is required.  A Masters or JD degree is preferred.
  • 3+ years of related work experience in a similar consulting practice or function, servicing cross- industry clients at a national level.
  • Certification(s) Preferred: Obtained or demonstrates an active pursuit of one or more of the following certifications: Certified Information Privacy Professional (CIPP), Certified Information Privacy Technologist (CIPT), Information Systems Security Professional (CISSP), or other related certifications.
  • Experience working with leading privacy regulations to perform privacy assessments and support privacy program implementations.
  • Experience preparing reports and other deliverables that contain strategy, project, or technical analysis and findings in connection with consulting engagements and communicating those results to the team and client.
  • Knowledge of privacy technology solutions and experience implementing and sustaining tools such as OneTrust, WireWheel, Securiti.ai, BigID is a plus.
  • Experience in project management and the ability to clearly communicate privacy and data protection issues verbally on both a formal and informal basis to all levels of client staff.
  • Exceptional client service and communication skills, with a demonstrated ability to develop and maintain outstanding client relationships.
  • Demonstrates creative thinking and problem-solving skills, and advanced knowledge of MS Office Word, Excel, Visio, and PowerPoint.
  • Ability to work additional hours as needed and travel on a regular basis to clients as required.

Cyber Transformation, Manager

Essential Duties and Responsibilities

  • Adhere to the highest degree of professional standards and strict client confidentiality.
  • Execute assigned client engagements from start to finish, which includes the engagement planning, directing, and completion of IT security assessments and Information Security architectural design and deployments while managing those engagements to budget.
  • Apply current knowledge of technology and cyber trends and to identify security and risk management issues and other opportunities for improvement.
  • Assist clients in planning and executing remediation plans identified in assessment activities.
  • Work with the client to plan an engagement strategy, define objectives, and address technology- related controls risks and issues.
  • Proactively interact with key client management to gather information, resolve problems and make recommendations for improvements.
  • Ability to manage multiple engagements and competing priorities in a rapidly growing, fast-paced, interactive, results-based team environment.
  • Participate in professional development activities and training sessions on regular basis.
  • Other duties as assigned.

Qualifications

  • Minimum Year(s) of Experience: 5 years.
  • Bachelor’s degree in Information Technology, Computer Science or a related field is required.
  • Masters in cybersecurity, Information system or business administration is preferred.
  • Certification(s) Preferred: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), ISACA, Certified in Risk and Information Systems Control
  • Complete understanding of Industry Standards/frameworks such as COBIT, NIST, ISO 27001, and PCI-DSS etc. is necessary.
  • Demonstrate proven and extensive abilities solving complex cyber-risk management issues, including the following areas:
  • Design and development of IT Risk and Cyber security programs using industry frameworks and methodologies;
  • Designing KRIs and metrics to build risk reports for management
  • ­Implementation and maintenance of enterprise-wide cyber risk governance frameworks;
  • Assessment of enterprise-wide business risks and cyber threats;
  • Development of detailed business risk scenarios and cyber threat models;
  • Design and implementation of cyber risk management controls;
  • Monitoring and reporting of cyber risks, threats and vulnerabilities;
  • Development, implementation and periodic testing of cyber resiliency plans;
  • Use of tools and technology to provide data analytics and business intelligence on cyber threats, risks and vulnerabilities;
  • Advising clients on complying with regulatory requirements such as FFIEC, GLBA, NY DFS etc. as well as industry frameworks such as NIST CSF, COBIT, COSO and PCI;
  • Building and operationalizing complex IT risk management and cyber security programs for clients.

Skills Preferred 

  • Take ownership of your work, by performing self-reviews of all work performed.
  • Produce high quality deliverables on client engagements requiring little re-work. Ensure they are on time and well organized.
  • Ability to manage multiple engagements and competing priorities in a rapidly growing, fast-paced, interactive, results-based team environment.
  • Ability to deal with ill-defined problems and propose coherent solutions for the client.
  • Execution of assigned client engagements from start to finish, which includes the engagement planning, directing, and completion while managing those engagements to budget.
  • Manage the team comprising of seniors and associates and maintain professionalism across team.
  • Apply current knowledge of IT trends and systems processes to identify security and risk management issues and other opportunities for improvement.
  • Assist clients in developing and executing risk management activities.
  • Participate in clients call as Security SME; provide solutions best fitted to the requirement and in line with the Industry best practices.
  • Ability to work additional hours and travel domestically as needed.

Cyber Defense, Senior Associate

Essential Duties and Responsibilities

  • Perform technical security testing, including cyber-attack simulations and threat and vulnerability assessments.
  • Support cybersecurity assessments consisting of security architecture reviews, system configuration reviews and cloud security evaluations.
  • Support cybersecurity incident response readiness activities, including tabletop exercises and evaluations of incident response capabilities.
  • Document results from technical testing performed and develop tailored recommendations to mitigate associated cyber threats and risks.
  • Execute assigned client engagements from start to finish, which includes engagement planning, fieldwork execution and reporting.
  • Remain current and apply knowledge of cybersecurity trends and risks.
  • Communicate (verbally and in writing) externally with clients and internally with all levels of the organization to successfully accomplish objectives portraying knowledge and confidence.
  • Proactively interact with key client management to gather information, resolve problems and make recommendations for improvements.
  • Develop client relationships with the intention to exceed client expectations.
  • Adhere to the highest degree of professional standards and strict client confidentiality.
  • Participate in professional development activities and training sessions on regular basis.
  • Other duties as assigned.

Required Skills and Experience

  • 3+ years of related cybersecurity experience in a similar consulting practice or function.
  • Experience in one or more of the overarching areas below:
    • Conducting technical security testing, including one or more of the following: cyber-attack simulations, vulnerability assessments, web application testing, and/or penetration testing.
  • Reviewing security architecture deployments and assessing and/or implementing secure configurations for common network devices (routers, switches, firewalls), server operating systems (Windows and Linux) and database management systems.
    • Assessing and/or implementing security solutions and controls within cloud service provider platforms (e.g., AWS, Azure, GCP, O365).
  • Ability to document technical testing and assessment results in a formal report format and present results and recommendations to both a technical and non-technical audience.
  • Exceptional client service and communication skills, with a demonstrated ability to develop and maintain outstanding client relationships.
  • Ability to execute multiple engagements and competing priorities in a rapidly growing, fast-paced, interactive, results-based team environment.
  • Strong professional verbal and written skills.
  • Excellent analytical, organizational and project management skills.

 

Desired Skills and Experience

  • Bachelor’s and/or Master’s degree in Information Technology, Cybersecurity, Computer Science or a related field.
  • One or more relevant technical certifications such as: CISSP, GIAC (GSEC, GCIH, GSIP, etc.), MS-500, AZ-500, AWS Certified Security, Google Cloud Professional Architect / Security Engineer
  • Working knowledge of cybersecurity industry leading practices and frameworks, such as NIST CSF, CIS Controls, CIS Benchmarks, OWASP, MITRE.
  • Familiarity with common threat and vulnerability management and endpoint security solutions.