Sounding and Security Watch responsible for Navy asset security at NSF Diego Garcia. Conducting checks and ensuring safety during designated watch hours with strong situational awareness.
TE
Hybrid Senior Information Security Analyst – Consultant, Strategic Services
Posted 2 months ago
About the role
- Senior Information Security Analyst delivering expert assessment services to external organizations in cybersecurity. Evaluating client environments and developing strategic solutions for IT resilience and maturity.
Responsibilities
- Lead and support various client engagements, including Enterprise Risk Assessments, Privacy Impact Assessments, and Risk /Privacy / Program Buildouts.
- Facilitate collaborative assessment processes such as scoping, leading client interviews/workshops, and ensuring open dialogue and understanding of client-specific challenges
- Manage client expectations and ensure project deliverables align with their business objectives and regulatory requirements
- Perform comprehensive point-in-time assessments of client cybersecurity posture against industry standards and frameworks (e.g., NIST CSF 2.0, CIS Critical Security Controls)
- Conduct maturity assessments across various domains, including IT Risk Management, IT Service Management, and specific security controls
- Evaluate critical platforms and tool use cases, assessing their effectiveness and alignment with client needs and best practices
- Identify security gaps, vulnerabilities, and control weaknesses through documentation review, interviews with key personnel, and observation of operational processes
- Assess client compliance with relevant laws, regulations, and contractual obligations, including PII, PHI, and IP considerations, specifically HIPAA and PCI DSS
- Design and implement enterprise-wide IT risk management programs based on NIST principles, integrating cybersecurity risk with overall enterprise risk management (ERM)
- Establish risk governance structures, define roles and responsibilities, and develop risk management strategies for clients
- Develop and implement policies and procedures related to application security, data protection, and privacy
- Create roadmaps for program implementation, such as Technical Impact Analysis (TIA) programs, including stakeholder engagement, data collection, and continuous improvement
- Prepare comprehensive assessment reports, compliance narratives, and strategic roadmaps for executive and technical client stakeholders
- Present complex technical and risk information clearly and concisely to diverse client audiences, supporting informed decision-making
- Ensure all findings, recommendations, and program documentation are auditable and support client compliance requirements
- Engage effectively with both internal and external stakeholders, including client project managers, client leadership, internal managers, and junior team members, to ensure alignment and successful project outcomes.
- Facilitate cross-functional communications with other team members and departments, fostering collaboration and knowledge sharing.
Requirements
- Bachelor's degree in information security or related discipline
- Proficiency In IT Risk Management frameworks (e.g., NIST RMF, NIST CSF 2.0) and knowledge of up to two of the following industry frameworks and regulations CCPA/CPRA, GDPR, NIST Privacy, NIST RMF, PCI, ISO, HIPAA
- Strong knowledge of cybersecurity controls, vulnerability management, identity and access management, detection and response, product security, and security operations, including CIS Critical Security Controls
- Ability to synthesize complex technical and business information, identify patterns, and develop actionable recommendations
- Excellent written and verbal communication skills, with the ability to present detailed technical and analytical findings clearly and concisely to both technical and non-technical audiences, including executive leadership, project managers, and technical teams.
- Proven ability to tailor communication style and content to different audiences, from junior staff to senior management, both internally and externally.
- Advanced capability in performing various types of assessments (point-in-time, maturity, risk, technical) and integrating findings from multiple sources
- Hold current standing with at least one industry relevant certifications, such as CISM, CISA, CRISC, CISSP
- Ability to coordinate and manage multiple priorities in a fast-paced environment, working both independently and collaboratively
- Ability to travel up to 10% for client-related or internal-related activities as needed
Benefits
- Comprehensive benefits including: Medical, Dental, Vision & Basic Life Insurance
- Paid Vacations, Sick Time, & Holidays
- 401 (k) with discretionary company match
- Vibrant work culture
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Sales Enablement Manager creating technical content for Upwind Security. Collaborating across teams to translate cloud security concepts into clear narratives for engineers and security leaders.
Security Engineer designing and implementing security measures to protect Snap Inc.'s infrastructure. Collaborating across teams while focusing on threat detection and response strategies.
IT Security & Compliance Head at Lonza leading security strategy and managing global risk. Collaboration with senior leadership to enhance information security across Capsules & Health Ingredients business.
Senior Security Manager leading security for Sanofi meetings and events across North America. Ensuring compliance with global meeting policies and managing event security operations in high - stake environments.
Security Officer maintaining safety protocols at Aloft New Orleans. Responsible for patrolling, monitoring security systems, and assisting guests with safety - related concerns.
Security Detection Specialist responsible for detecting cybersecurity incidents using advanced security technologies. Analyzing data feeds and leveraging security tools for incident detection and reporting.
Senior Incident Response Engineer at Walmart focusing on security threat campaigns to enhance detection and response capabilities. Collaborating with SOC and engineering teams to improve security posture.
Head of Infrastructure & Security at Kinatico, a RegTech leader, focused on cloud infrastructure and security governance. Leading a technically deep team of cloud engineers and security specialists in a hybrid environment.
Security Supervisor responsible for loss prevention and safety at WarHorse Gaming casino in Omaha. Ensuring compliance with regulations and managing security team operations.