Job description

What You'll Do - Work with and mentor team members to drive customer success. - Scope and lead engagements with clients. This includes leading pre-sales calls and onsite visits, understanding customer security and compliance requirements and environments, and proposing and delivering packaged offerings or custom solution engagements. - Develop technical content, such as security plans, procedures, policies, and white papers that can be used by our clients to assist them in elevating/building out their security and compliance programs. - Lead delivery engagements, including potential on-site projects, working with clients to build out compliance roadmaps, architecture guidance, gap assessments, etc. - Translate and implement industry-standard GRC requirements into Azure and Microsoft 365 controls. - Collaborate with Professional Services team members and sales teams to convey partner and customer feedback. - Serve as the practice subject matter expert (SME) for escalations, sales/marketing support, driving practice profitability and revenue. - Provide Delivery Team Support, including identifying process improvements, training Delivery personnel on methodologies/tools and quality topics, and mentoring Delivery personnel. - Development of industry-wide service line thought leadership through: - Authoring: methodologies, templates, white papers, work instructions, guidelines, forms, tools - Developing and delivering industry-specific training, including speaking/presenting at conferences, creating webinars - Support management of client satisfaction at all phases of the client relationship. - Ensure continuous professional development by maintaining industry-specific certifications. - Maintain a strong depth of knowledge in the practice area. - Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables. - Establish account relationships and identify upsell and cross-sell opportunities and escalate to sales What You'll Bring - 7+ years of experience in an IT security audit, assessment, compliance, risk management, or data privacy role. - Knowledge and awareness of the latest information risk, security, and compliance innovations, trends, challenges, and solutions. - Knowledge of strategy, privacy, risk standards/frameworks, and professional practices (NIST, ISO, CIS Top 20, ISSA, CSA CMM, Privacy by Design, FAIR, etc.). - Knowledge of the typical enterprise risk and security operational practices. - Knowledge of information security-related solutions, tools, and utilities. - Experience in strategy development, setting direction for team members, influencing both internally and externally. - Experience building common compliance frameworks as well as mapping between different compliance requirements. - Experience securing cloud-based infrastructure, including secure operating systems, firewalls, and database lockdowns. - Demonstrated breadth of security expertise in various subdomains such as encryption, identity, incident response, etc. - Knowledge of Identity Access Management design and implementation patterns. - Experience with risk assessment methodologies and risk reporting for executive leadership. - Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience. - 7+ years of experience working with one or more of the following: - Payment Card Industry (PCI) Council's Payment Card Industry Data Security Standard (PCI DSS) - ISO/IEC 27001:2022 and ISO/IEC 2702:2022 - ISO 9001:2015 - System and Organization Controls (SOC) 2 - National Institute of Standards and Technology (NIST) frameworks (800 series) - HITRUST framework - Health Insurance Portability and Accountability Act (HIPAA) - Health Information Technology for Economic and Clinical Health Act (HITECH) - Bachelor's Degree in Computer Science, Information Systems Management, Information Security, Business or equivalent experience required. - CISSP - CISM or CISA - In addition, depending on the framework(s) you will be supporting you must have one or more of the following: - ISO: ISO/IEC 27001 Lead Auditor/Implementer - Certified CSF Practitioner (CCSFP) - PCI: Qualified Security Assessor (QSA) Bonus - Azure certification(s). - CRISC or related certification - CCSK certification - Big Four Advisory/Consulting Experience (Deloitte, EY, PwC, Accenture, etc.)

Requirements