Global Information Security Consultant
Company: EDI Staffing
Location: Racine
Posted on: March 19, 2023
Job Description:
Responsibilities:
- Provide technical and project leadership for IT security
solutions
- Full cycle engagement and leadership - analysis, requirements
development, solution request-for-proposal (RFP) support, design,
documentation, implementation, operationalization, and
maintenance
- Definition of control effectiveness metrics and establishment
of on-going visibility and reporting
- Integration into product-related lifecycle activities
- Development of operational plan for transition of the security
solution to run
- Evangelize agile culture and DevSecOps shift-left mentality
within and outside of information security department
- Actively participate in team scrum activities in a hybrid
productized and projectized environment
- Properly document and manage scrum stories from sprint to
sprint, ensuring timely updates
- Provide input for development of domain/product-related
roadmaps, tactical execution plans with SMART OKRs (objectives and
key results), and assist in related activities (e.g. current state
documentation, gap analysis, resource estimations)
- Focus on self-service, automation opportunities and quality of
supporting documentation
- Perform security analysis of business solutions and develop
security requirements across security domains with the goal of
balanced protection of information systems assets, corporate data,
and intellectual property based on enterprise security standards
and enterprise risk appetite
- Conduct threat modeling and technical security assessment of
business solution related components and services
- Lead the design and implementation of authorization matrix and
privileged access management for a given business solution
- Develop new security requirements for business use-cases that
are not covered by existing security standards based on
corresponding threat model, enterprise risk appetite, NIST CSF
framework, NIST security guidelines, and industry best practices
and guidelines
- Apply, validate, extend existing, and develop new security
design patterns based on business and infrastructure use-cases to
support standardization and reusability
- Collaborate with domain security architects and engineering in
development of security design and coordinate integration with
enterprise security tools
- Document formal project artifacts: business requirements,
high-level architecture/design documentation, low-level
architecture/design documentation
- Provide consulting to the business for vulnerability or
penetration test assessment findings
- Conduct security readiness assessment of the business solution
upon build to ensure all identified security requirements were
properly met (e.g. technical, administrative, physical)
- Provide general security support and consulting throughout the
engagement
Security Governance Responsibilities
- Develop, document, and socialize security patterns to drive
simplification, standardization, and operational
consistency
- Participate in reviews and development of security standards
based on security frameworks (e.g. NIST CSF, NIST 800-53, CIS, ISO
27000)
- Stay up to speed with latest developments in security
frameworks and industry best practices, and maintain up-to-date
knowledge of available enterprise solutions and security
capabilities
Experience:
- 5+ years of experience in IT security analysis/security
consulting capacity
- Fundamental understanding of identity federation, PKI,
virtualization, and cloud security reference architectures
- Well versed in industry standard frameworks such as NIST, CIS,
CSA CCM, MITRE ATT&CK, ISO 27001, OWASP, and
others
- Prior experience developing information security
standards/policies and patterns
- Ability to present in threat briefings, security demos, and
security brownbag sessions on different security topics
- Security certifications such as CISSP or CCSP are a
plus
- Plus skills include DevSecOps, Agile, Hybrid, Scripting, and
Software Engineering (C#/Python/GoLang or similar)
- Superior written, presentation, and verbal communication
skills
- Ability to stay up to date on latest threat landscape
developments
Keywords: EDI Staffing, Racine, Global Information Security Consultant, Professions, Racine, Wisconsin