What are the responsibilities and job description for the Information Security Consultant position at The Xela Group?
Principal Information Security Consultant:
Responsibilities:
- Lead the Information Security Program Risk Assessment.
- Develop and lead a comprehensive Information Security Program Maturity Assessment and Risk Assessment initiatives in line with the enterprise goals and regulatory expectations.
- Ensure the effective identification, mitigation and management of information security risks arising from business activities. In addition, provide guidance and advice to senior management on the status of their control environment related to standards compliance, risk identification and control issues. Identify critical areas to monitor and escalate issues and findings to appropriate stakeholders and governance committees.
- As applicable, articulate the implications of risks and issues related to data management and protection to sponsors and risk owners and, if necessary, assist with security exceptions or issue management.
- Translate control deficiencies into action plans and provide recommendations to enhance governance practices in alignment with risk and compliance frameworks.
Qualifications and Education Requirements:
- Bachelor's degree in Information Systems, Computer Science, Engineering, Business, Mathematics, Economics, or a related field, or an equivalent combination of education, training and experience.
- 12-15 years of experience leading risk and/or compliance related activities in financial services or another relevant industry, especially Operational Risk Programs.
- Deep knowledge of and practical experience implementing the NIST CSF. Extensive knowledge of industry-leading risk management frameworks (e.g., COSO, COBIT, ITIL).
- Extensive experience in the development of risk management frameworks along with the requisite implementation
- Advanced verbal, written, interpersonal, and presentation skills, with the ability to communicate technical and non-technical information clearly and concisely to all levels of management.
- Effective influencing, negotiation and persuasion skills to reach agreement and positive outcomes.
Desired Qualifications:
- Professional certifications, including but not limited to any of the following: FRM, PRM, CISA, CISM, CISSP, CGEIT, CRISC, CFE, CPA, CIA, CIPP, ISA, AWS, etc.