Senior Security Consultant
About AccessIT Group:
AccessIT Group is a specialized cybersecurity solutions provider offering a full range of advanced security services that assist organizations with the design, implementation and operation of their security program and infrastructure. We focus on cloud, risk management, compliance and implementation services, working with organizations to address the evolving complexities of cyberthreats. With over 20 years of experience and relationships with leading technology partners, we help customers find the most appropriate technologies for implementation into their IT environments.
We are looking for a Senior Security Consultant to join our team. We offer and cover exceptional healthcare, dental, and vision benefits for our employees and their families, a matching 401K plan, paid vacation and medical leave, among many other benefits.
Responsibilities and Duties:
Senior Security Consultant- Qualified Security Assessor (QSA) is responsible for providing security assessments and consulting services to a wide range of clients against industry standards such as PCI DSS, ISO, HIPAA, and NIST. The QSA will prepare executive and technical level reports for clientele detailing the assessment findings, including any security gaps, and help to identify solutions to improve the client’s security posture.
● Perform comprehensive technical audits such as PCI DSS, ISO27001/27002, NIST 800-53/171/CSF, CIS, and HIPAA Security for AccessIT Group clients.
● Provide Trusted Advisory Services and Policy and Procedure Development during
● Develop reports that detail compliance gaps for all assessments, including risk severity level, systems impacted, business risk summary, and recommendations for remediation.
● Create roadmaps to achieve full compliance prior to a formal audit via gap assessment techniques with prioritized remediation steps, estimated work efforts, and associated
● Manage and drive evidence gathering for all standards’ requirements and advise clients on how to achieve compliance.
● Review deliverables with clients to provide guidance on remediation actions and advisory services that could be of benefit with regard to industry trends around achieving and maintaining compliance (i.e., technical solutions).
● Serve as a Subject Matter Expert, providing knowledge and assistance in a broad range of security, risk, and compliance fields.
● Assist the Business Development/Sales team by answering operational and technical questions related to, but not limited to, PCI DSS, ISO27001/27002, Policy and Procedure, and HIPAA compliance.
● Support security practice offerings in pre-sales and post-sales roles.
● Assist with developing and managing internal and external delivery processes, procedures, and methodologies.
● Develop and maintain positive relationships with client personnel.
● Maintain high morale by contributing to an effective, positive work environment.
● Ability to guide oneself through a professional development process, including timely completion of reviews and goal setting for additional training and certification.
● Deliver work that meets or exceeds expectations based on a strong understanding of the client’s business and needs.
● Maintain effective communication between other consultants, management, and client
● Participate in industry conferences and professional organizations.
● Provide additional value for clients by offering constructive insights and consultative advice based on personal experience with the client, their industry, established standards, and leading practices.
● Demonstrate a high level of commitment to client success as shown by responding promptly, professionally, and effectively to changes in client expectations.
Required Certifications and Experience:
● Minimum of 5 years of previous experience conducting assessments as a fully qualified QSA
● Possess sufficient information security knowledge and experience to conduct technically complex security assessments.
● Possess a minimum of one year of experience in each of the following information security disciplines:
- Application security
- Information systems security
- Network security
● Possess a minimum of one year of experience in each of the following:
- IT security auditing
- Information security risk assessment or risk management
● Possess at least one of the following accredited, industry-recognized professional certifications from each list:
List A – Information Security
- (ISC)2 Certified Information System Security Professional (CISSP)
- ISACA Certified Information Security Manager (CISM)
- Certified ISO 27001 Lead Implementer 1
List B – Audit
- ISACA Certified Information Systems Auditor (CISA)
- GIAC Systems and Network Auditor (GSNA)
- Certified ISO 27001, Lead Auditor, Internal Auditor 1
- IRCA ISMS Auditor or higher (e.g., Auditor/Lead Auditor, Principal Auditor) *Note: “Provisional” auditor designations do not meet the requirement.
- IIA Certified Internal Auditor (CIA)
● Possess knowledge about PCI DSS and all applicable documents on the PCI SSC
● Able to multitask and work independently with minimum supervision to meet client
● Must be flexible, proactive, quick to learn, and possess a can-do attitude.
● Excellent written and oral communication skills, with the ability to express thoughts clearly, listen well, and contribute to a team environment.
● Proven experience conducting enterprise risk and security assessments.
● Ability to conduct IT audits with regard to policies, process and procedure design, and information security aspects of privacy and regulatory compliance standards.
● Be able to communicate compliance, information security, and technology issues clearly to business and technical clientele.