
Job posting has expired


Principal Security Consultant, Governance

Presidio, Inc.
United States, New York
1 Pennsylvania Plaza
June 06, 2023
Description

SEIZE THE OPPORTUNITY TO BE A PART OF SOMETHING GREAT!

Presidio is on the leading edge of a technology-driven movement to transform the way business is done, for our customers and our customers' customers. Joining Presidio means immersing yourself in a culture of self-starters, collaborators and innovators who make real, lasting change in the marketplace via cutting-edge technology and business solutions. At Presidio, we know that it's our people that make the connections happen.

WHY YOU SHOULD JOIN US? You will set your career on track for outstanding achievement with a company that knows no limits. Presidio is a leading global digital services and solutions provider focused on Digital Infrastructure, Business Analytics, Cloud, Security & Emerging solutions.

THE ROLE: Principal Security Consultant, Governance

As a Principal Security Consultant, Governance, you will possess a deep level of expertise and vast knowledge base in core information security governance, risk, compliance, and privacy domains. It is critical that a Principal Security Governance Consultant be able to present complex solutions and topics in a concise manner. The consultant must be comfortable blending multiple service offerings and deliverables into a single aggregate final risk report/deliverable and executive presentation for audiences of all levels and skillsets.

Job Summary:

The ideal consultant will have experience in reviewing, understanding, and interpreting risk management and compliance frameworks, security standards, and privacy models. The consultant must have a professional and practical understanding of Information Technology, including how technical and administrative controls are implemented across various industry verticals and company sizes. The candidate should be well versed in assessing said controls, understand how controls should be governed, and be able to assist in the strategic development of aligning security goals to business objectives.

This is a customer-facing role.

Travel Requirements:

This role will be remote; however, travel to client locations will be required to deliver professional services when needed (~30%).

Job Responsibilities:



  • Lead customer engagements and project execution providing information security consultation and assessment services, helping our clients meet their compliance obligations by evaluating their business, technology, and operations against industry security standards.
  • Educate, mentor, advise, and share your expertise with clients and colleagues to aid in making decisions on topics like organizational security strategy and services scope, as well as provide consultative guidance on complex projects.
  • Provide clear, organized findings and recommendations to clients and track progress towards resolution and compliance.
  • Consult/advise with C-level Security Leaders (CISO, CSO, CIO, etc.) and the Board of Directors with our most valued and strategic customers.
  • Develop strategic, operational, and tactical recommendations tailored to each customer with the intent to improve a customer's security posture and compliance position.
  • Create detailed strategic security roadmaps with short-term, mid-term, and long-term goals that prioritize remediation recommendations and address all instances of non-compliance with applicable regulatory, statutory, contractual, and organizational obligations.
  • Lead large security engagements in concert with other cybersecurity practices and Presidio teams.
  • Develop security policies, standards, and procedures that are custom-tailored to each customer's unique culture, security goals, and organizational objectives using industry best practices and compliance requirements.
  • Review, analyze, and assess key factors, including inherent risk, mitigating controls, business impact, likelihood and other key elements to determine organizational security risk.
  • Ensure and assess customer alignment to, and/or compliance with, applicable regulatory, federal, state, local, contractual, and organizational requirements and best practices standards such as ISO 27001, NIST CSF, PCI DSS, HIPAA, FERPA, NIST 800-171, CMMC, etc.
  • Work closely with organizations to conduct security program development by establishing the foundation for a best of breed security program architecture reference model using industry frameworks and standards such as ISO 27001, NIST 800-53, NIST Cyber Security Framework (CSF), etc.
  • Work with other seasoned Principal Security Consultants in a collaborative setting to support and assist on the execution and delivery of key services such as Cloud Governance, Advisory Services, security program development, documentation review, and security consulting services.
  • Assist practice Directors in cybersecurity administrative functions, such as documentation maintenance, documentation creation, peer review, and other internal cybersecurity activities.


Required Skills:



  • Must have previous professional experience providing consultative services.
  • Strong professional expertise in information security with the ability to thoroughly understand complex principles and apply them practically.
  • Comfortably present security concepts and/or findings to both highly technical and entirely non-technical audiences.
  • Ability to manage multiple tasks and responsibilities, work alone or in small teams, achieve established goals and objectives, and communicate progress in a timely manner.
  • Must be analytical and innovative, and possess a strong sense of attention to detail.
  • Strong cross-functional team participant and collaborative approach to problem-solving.
  • Manage and guide engagement members to engagement completion.
  • Prior experience working closely with customers and collaborating with IT staff is a plus.
  • Strong verbal and written communication skills, organizational skills, and attention to detail.
  • Ability to work collaboratively or independently as required by a given situation.
  • Ability to manage multiple and changing priorities and tasks.
  • Ability to be flexible and embrace change.
  • Self-motivated and self-directed.
  • Self-starter with the ability to manage their own tasks into a larger project or program effort.
  • Ambitious and goal-oriented, with the initiative to work until the job is complete.
  • Working knowledge of Security Testing and Audit Platforms (Nessus, NMAP, etc.).
  • Working knowledge of host/network common vulnerabilities and exploits (CVEs, IAVAs, etc.), hacker methodologies and tactics, and the tools used.
  • Experienced in using the Microsoft Office Suite (Word, Excel, PowerPoint).


Additional Desired Skills:



  • Ability to work closely with cross-functional departments within Presidio and the client.
  • Willingness to learn from our close-knit group as well as contributing thoughts, tools, industry news or lessons learned.
  • Desire to grow the business by identifying up-sell opportunities with existing and potential clients.
  • Experience with project deliverables from a VAR/Integrator is preferred.
  • Ability to maintain tact, composure, and professionalism in an interrupt-driven environment and/or when challenged by customers.
  • Cloud security knowledge is a plus in AWS and Azure environments.


Education and Experience:



  • Bachelor's Degree with a focus on Information Security, IT, Computer Science, or
  • Minimum of 5-10 years of conducting Information Security risk and compliance assessments.
  • 3-5 years of evaluating compliance with regulatory and key IT standards such as HIPAA/HITECH, PCI DSS, NIST CSF, ISO 27001, GDPR/CCPA, NERC CIP, and other similar standards/frameworks.
  • Strongly prefer candidates with payment card (QSA, PCI DSS, PA-DSS, P2PE, PFI), financial (GLBA, SOX, SSAE 18), and/or health care (HIPAA/HITECH) experience.
  • Current information security certifications such as CISM, CISA, CISSP, ISO 27001 LI, are preferred.


*****

ABOUT PRESIDIO

Presidio is committed to Diversity, Equity, and Inclusion at the highest levels and has strengthened its drive to build and drive a systemic DEI change process across all levels of the organization, cultivating a culture of inclusion where the expression of all our differences is valued, celebrated, and adds to our collective achievements.

Presidio is a global digital services and solutions provider accelerating business transformation through secured technology modernization. Highly skilled teams of engineers and solution architects with deep expertise across cloud, security, networking and modern data center infrastructure help customers acquire, deploy and operate technology that delivers impactful business outcomes. Presidio is a trusted strategic advisor with a flexible full life cycle model of professional, managed, and support and staffing services to help execute, secure, operationalize and maintain technology solutions. We serve as an extension of our clients' IT teams, providing deep expertise and letting them focus on their core business. Presidio operates in 40+ US offices and offices in Ireland, London, Singapore, and India.

For more information visit: http://presidio.com

*****

Presidio is an Equal Opportunity / Affirmative Action Employer / VEVRAA Federal Contractor. All qualified candidates will receive consideration for this position regardless of race, color, creed, religion, national origin, age, sex, citizenship, ethnicity, veteran status, marital status, disability, sexual orientation, gender identification or any other characteristic protected by applicable federal, state and local statutes, regulations and ordinances.

To read more about discrimination protections under Federal Law, please visit: https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf

If you have any difficulty using our online system and need an accommodation in the job application process due to a disability, please send an email to recruitment@presidio.com for assistance.

Presidio is a VEVRAA Federal Contractor requesting priority referrals of protected veterans for its openings. State Employment Services, please provide priority referrals to recruitment@presidio.com.

RECRUITMENT AGENCIES PLEASE NOTE:

Agencies/3rd Parties may not solicit to any employee of Presidio. Any candidate information received from any Agency/3rd Party will be considered a gift and property of Presidio, unless the Agency/3rd Party is an Authorized Vendor of Presidio with an up-to-date Presidio Contract in hand signed by Presidio Talent Acquisition. No payment will be made to any Agency/3rd Party who is not an Authorized Vendor, nor has specific approval in writing from Presidio Talent Acquisition to engage in recruitment efforts for Presidio.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
