IT Risk and Security Consultant

 

Seattle, WA

Compensation: $100-$110K base salary plus 20%-40% bonus

Relocation assistance is available


Profile:

The ideal candidate will be well-versed in IT security architecture and controls required to protect the confidentiality, integrity and availability of an organization's assets. They would have started their career in an IT organization focused on server, network, and Internet security infrastructure supporting critical applications providing service to the business. After 2-3 years of developing their fundamental understanding of IT infrastructure, application and security technology, they would have transitioned into more of an IT risk management and consulting position.

This position would require the candidate to understand industry standards and methodologies for obtaining the business security requirements, assessing IT security controls, providing management with identification and resolution of key risks, and handling security incidents. The ideal candidate would also have a deep understanding of IT compliance requirements from an industry (e.g. SAS70), regulatory (e.g. SOX, HIPAA, GLBA, EU Data Privacy) and standards (e.g. ISO 27001, COBIT, COSO, ITIL) perspective.

Job Function:

Provides coaching and consulting to new IT initiatives and projects to ensure alignment and compliance of these projects/initiatives with the IT risk framework. Ensures adherence through audits and reviews of critical projects, applications and processes.

Supports IT risk management processes (e.g. incident analysis, quality measurement)

Implements IT security architectures locally and ensures early recognition of new IT developments and/or risks.

Ensures effective incorporation or resolution through appropriate standards and processes

Applies security technologies (e.g. Identity & Access Management, Intrusion Detection, Internet Security, etc.)

Locally implements and supports Risk Awareness campaigns, compliance assessments and the exception of G-IT risk policies and standards

Supports internal and external audits and compliance initiatives

Manages security incident responses and supports (CSIRT) / monitors and assesses security events

Provides computer forensics and investigation services to legal, HR and corporate investigation departments

Designs, implements and manages IT Security monitoring and logging controls and procedures

Provides infrastructure vulnerability assessment and management services to ISPs

Ensures alignment with regulatory and compliance frameworks

Provides consultation for multiple areas of risk and security to project efforts within various areas in IT or external service providers

Consults on and provides security solutions, security advisory and risk mitigation consultancy for local and global IT projects (in conjunction with IT architecture, IT service management and IT operations)

Implements and manages Information Security programs, including policies, governance processes, awareness programs and compliance audits

Develops and maintains the core security processes and ensures that they are robust (i.e. meet Sarbanes-Oxley and COBIT standards), singular, consistent, secure, understood and scalable across the regions. Applies security management practices, policies and standards.

Provides extensive security engineering and consulting services for broad areas of IT risk and security to IT, corporate business units and Business Segments and external service providers.

Sets and defines IT Security standards and practices.

Interacts with contacts across the global enterprise for providing IT Security engineering and Consulting services.

Preferred Skills & Abilities:

Strong understanding of technical concepts and processes

IT security controls (e.g. Firewall, Intrusion Detection & Prevention, Identity & Access Management, Encryption, Backup and Restore, High-Availability, Malware, etc.)

System Development Life Cycle and Project Management

Data and voice network (e.g. WAN, LAN, VPN, TCP/IP, etc.)

Service management processes in the areas of service support (e.g. Incident, Problem, Change, Release and Configuration management) and service delivery (e.g. Service Level, Availability, Capacity, Financial, IT Service Continuity management)

Operational and data center requirements

Education Requirements:

Bachelor's degree or equivalent in Computer Science or a related field; ideally, a university degree in Risk / Security Management / Computer Science or a related subject.

Professional security qualifications (e.g. CISM, CISSP, CISA)

Contact Information:

Please submit your information through the SUBMIT RESUME function and send an email with your resume in Word format and a cover letter describing your background to jeff@altaassociates.com (unless you are already working with another Alta recruiter).