Information Security Consultant

Resources Global Professionals

Denver, CO

Industry: Business Services

8 - 10 years

Posted 50 days ago

PURPOSE OF THE ROLE

As an Information Security/IT Risk Consultant, you will be responsible for understanding and analyzing a company's IT requirements and advising on IT security solutions. You will assist with the management and supervision of the implementation of solution procedures and change management processes.

ATTRIBUTES OF CONSULTANTS WITH RGP

  • Respect for people and opinions, and confidence in offering your point of view to clients and colleagues
  • A drive for proactively cultivating relationships with clients and colleagues
  • Optimism when faced with challenges and complex situations, coupled with the drive to solve client issues
  • Dedication to continuous improvement and development of your skillset and talents
  • A strong personal identification with RGP's values – loyalty, integrity, focus, enthusiasm, accountability and talent

KEY RESPONSIBILITIES OF THE ROLE

  • Lead IS Governance and Risk's continuous process improvement projects such as application security risk assessment and self-assessment processes against IS standards
  • Support requirements gathering and design efforts of critical projects as needed
  • Perform security risk assessments (SRA) according to the SRA framework and IS standards for custom-developed and third-party applications within the existing infrastructure
  • Assist in identifying application control deficiencies as well as the associated risks
  • Document IS risks to identify the relevant impact to enterprise systems, infrastructure and business processes; develop and maintain process, risk methodologies and SOP documentation
  • Understand and effectively communicate how vulnerabilities can be exploited within technology and the enterprise environment
  • Provide remediation recommendations and/or recommend alternate solutions to resolve gaps against IS Standards
  • Provide security consulting and advisory services to business units and project teams
  • Develop action plans and/or recommend alternate solutions to resolve exceptions to standard operating procedures
  • Research and maintain a knowledge base regarding industry frameworks, best practices, information security issues, solutions and potential implications

DESIRED EXPERIENCE AND REQUIREMENTS

  • Bachelor's degree in Information Systems or a related field, or an equivalent combination of education and experience, required
  • 7 to 11-plus years of hands-on technology risk, security and/or governance experience
  • CISSP, CISA, CISM, CIA or equivalent designation preferred
  • Solid understanding of information security policies, standards, industry best practices, and frameworks (e.g. ISO 27K, NIST 800 series, OWASP, COSO, COBIT)
  • Solid understanding of application and network security, OSI model, information security architecture and security technologies (e.g. penetration testing tools)
  • Familiarity with common platforms, databases and applications (e.g. Oracle, SAP, web development tools, virtualization, UNIX and Linux)
  • Experience managing and developing baseline security configurations and experience with common industry guidelines (CIS, STIGs, etc.)
  • Experience with common SDLC and/or process improvement methodologies (e.g. Lean, Six Sigma, Agile, etc.)
  • Communicates effectively verbally and in writing, and expresses conclusions and recommendations in a clear, technically sound manner