SecureTrust, a Trustwave division, leads the industry in innovation and processes for achieving and maintaining compliance and security. SecureTrust delivers world-class consulting, compliance and risk assessment services and solutions for the enterprise market as well as tailored merchant risk management programs and solutions for merchant program sponsors around the globe.
As a Senior Security Consultant, you will be responsible for:
- Customer engagement and project execution providing information security consultation and assessment services, helping our clients meet their compliance obligations by evaluating their business, technology and operations against security standards like the PCI DSS or HIPAA.
- Sharing your expertise with clients and colleagues to aid in making decisions on topics like strategy and scope as well as deep and highly technical projects like web application architecture and security.
- Providing clear, organized findings and recommendations to clients and tracking progress towards resolution and compliance.
- Producing detailed, high-quality reports for clients and industry third parties like payment card brands and the PCI Security Standards Council.
- Learning from our close-knit group as well as contributing your thoughts, tools, industry news or lessons learned.
- Working with clients to implement practices to produce secure applications and identify and eliminate security vulnerabilities
- Working independently, undertaking information security engagements including working co-ordination and projectmanagement (client interaction, deliverables, work plans, escalation's, etc.)
- Growing the business by identify up-sells with existing and potential clients
- Providing regular status reports on all projects assigned
- Being a team player and having the capability to expand/adapt your skills in fast-paced ever-changing industry.
Skills and Qualifications
- Must have previous professional experience providing consultative services as either an internal SME or as a third-party consultant.
- Strong professional expertise in information security, must have the ability to thoroughly understand complex principles and apply them practically. Comfortably present security concepts or findings to both highly technical and entirely non-technical audiences.
- Must have experience in network security (for example, administration of firewalls, intrusion prevention systems, etc.)
- Strongly prefer candidates with payment card (QSA, PCI DSS, PA-DSS, P2PE, PFI), financial (GLBA, SOX, SSAE 16) or health care (HIPAA/HITECH) experience.
- Must be willing to participate in relevant professional organizations like OWASP, InfraGard, and ISACA.
- Trustwave will provide time and training for you to take and maintain industry relevant certifications, we will also provide you success bonuses when you receive said certification.
Certifications Required: Minimum 2 certs (1 from each category)
- Must have minimum 1 cert in Information Security: CISSP, CISM, or ISO 27001 Lead Implementer
- Must have minimum 1 cert in Audit: CISA, GSNA, ISO 27001 Lead Auditor / Internal Audtor, ISMS Auditor, or CIA
We prefer college-educated applicants, but at minimum, high school diploma or equivalent is required for employment.