Information and Security Consultant

Responsibilities

• Execute the vendor’s lifecycle process from information risk (security) standpoint.
• Maintain current knowledge on information security topics and their applicability program requirements.
• Ensure vendor compliance to the business agreement, policies, procedures, & regulations along with ability to map controls and compliance requirements.
• Support remediation efforts with business / vendor managers.
• Maintains metrics and report them.
• Ensure alignment of security policies/standards with IT infrastructure frameworks.
• Investigates non-standard requests and problems, with some assistance from others.
• Prioritizes and organizes own work to meet deadlines.
• Plans and manages awareness campaigns and other similar needs.
• Plans, manages and executes compliance programs in support of the conformance to stated policies.
• Responsibility for maintaining relationships with business leaders.

Qualifications and Experience

• Risk assessment skills and the ability to manage risk assessments / projects independently.
• 3+ years of experience in internal / departmental or vendor information security audits/assessments.
• Security expertise including knowledge on different security risk assessment frameworks (NIST/Octave), standards (ISO27001/HITRUST/ITIL/Cobit), and acts such as (HIPAA/GLBA).
• Familiarity with ISO standards and frameworks.
• Excellent communication skills both verbally and written.