Principal Security Consultant
Company
ELEVI Associates
Location
Remote
Type
Full Time
Job Description
ELEVI is seeking a Principal Security Consultant for a contract-to-hire position. The successful candidate(s) will work with a diverse team of self-starters and collaborators and will possess deep expertise in core information security governance, risk, compliance, and privacy domains. They will also possess the critical “soft skills” required to present complex solutions and topics concisely to audiences of varied levels of understanding and influence.
Qualifications and Required Skills
- Previous professional experience providing consultative services.
- Strong professional expertise in information security with the ability to thoroughly understand complex principles and apply them practically.
- Ability to present security concepts and/or findings to both highly technical and entirely non-technical audiences.
- Ability to manage multiple tasks and responsibilities, work alone or in small teams, achieve established goals and objectives, and communicate progress in a timely manner.
- Ability to manage and guide engagement members to engagement completion.
- Strong verbal and written communication skills, organizational skills, and attention to detail.
- Ability to work collaboratively or independently as required.
- Ability to manage multiple and changing priorities and tasks.
- Ability to self-start, self-motivate and self-direct as required.
- Working knowledge of Security Testing and Audit Platforms (Nessus, NMAP, etc.).
- Working knowledge of host/network common vulnerabilities and exploits (CVEs, IAVAs, etc.), hacker methodologies and tactics, and the tools used.
- Experienced using the Microsoft Office Suite (Word, Excel, PowerPoint).
- Practical experience developing, reviewing, and interpreting risk management and compliance frameworks, security standards, and privacy models.
- Professional and practical understanding of Information Technology as it relates to how technical and administrative controls are implemented across various industry verticals and company sizes, and how those controls should be governed.
- Practical experience assessing those controls and assisting customers in the strategic development and alignment of security goals to business objectives.
- Bachelor’s Degree in a Technology field or 4 years relevant work experience.
- 5-10 years conducting Information Security risk and compliance assessments.
- Able to work remotely with up to 25% travel to customer sites.
- 3-5 years evaluating compliance with regulatory and key IT standards such as HIPAA/HITECH, PCI DSS, NIST CSF, ISO 27001, GDPR/CCPA, NERC CIP, and other similar standards/frameworks.
- Strongly prefer candidates with financial (GLBA, SOX, SSAE 18), transactional (QSA, PCI DSS, PA-DSS, P2PE, PFI), and/or health care (HIPAA/HITECH) experience.
- Must possess at least one industry-respected security certification, such as CISM, CISA, CISSP, or ISO 27001 LI.
- Authorship of respected papers or articles within the field of security across enterprise and/or public sector customers with a range of solutions (HW/SW/Cloud based) is a definite plus.
Responsibilities:
- Lead customer engagements and project execution of information security consultation and assessment services to help our clients meet their compliance obligations by evaluating their business, technology, and operations against industry security standards.
- Educate, mentor, advise, and share your expertise with clients and colleagues to aid in making decisions on topics like organizational security strategy and services scope as well as provide consultative guidance on complex projects.
- Provide clear, organized findings and recommendations and track progress towards resolution and compliance.
- Consult/advise C-level Security Leaders (CISO, CSO, CIO, etc.) of our most valued and strategic customers.
- Develop customer-specific strategic, operational, and tactical recommendations to improve a customer’s security posture and compliance position.
- Create detailed strategic security roadmaps with short-term, mid-term, and long-term goals that prioritize remediation recommendations and address all instances of non-compliance with applicable regulatory, statutory, contractual, and organizational obligations.
- Develop customer-specific security policies, standards, and procedures using industry best practices and compliance requirements.
- Review, analyze, and assess key factors, including inherent risk, mitigating controls, business impact, likelihood, and other key elements to determine organizational security risk.
- Assess customer alignment to, and/or compliance with, applicable regulatory, federal, state, local, contractual, and organizational requirements, and best practices standards such as ISO 27001, NIST CSF, PCI DSS, HIPAA, FERPA, NIST 800-171, CMMC, etc.
- Work closely with organizations to conduct security program development using industry frameworks and standards such as ISO 27001, NIST 800-53, NIST Cyber Security Framework (CSF), etc.
ELEVI is an equal opportunity employer (EOE) that empowers our people. It is the policy of ELEVI to provide equal employment opportunities to all employees and employment applicants—without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. We fearlessly drive change, because without diversity of thought and a commitment to equality for all, there is no moving forward. Reasonable accommodations are available for qualified individuals with disabilities, upon request. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training,
Date Posted
02/16/2023