Information Security Consultant
Heartland Business Systems · Sun Prairie Town, WI · Yesterday
Information TechnologyFull-time
Position Summary
Heartland's team of Information Security Consultants provide IT risk management, information security, and compliance consulting services to clients in a variety of industries. Consultants routinely perform risk assessments, audit systems for compliance, work with IT and business leaders to identify and properly mitigate risks, recommend improvements for administrative, technical and physical controls, help clarify compliance requirements, and lead incident response activities. The Information Security Consultant may act as vCISO for a client under the supervision of a Senior Consultant or Practice Manager.
Roles and Responsibilities/ Essential Functions
- Audit, test, or review IT systems, network or application architecture and business processes for compliance with best practices and/or regulatory requirements.
- Review and recommend technical, administrative, and physical controls to mitigate identified risk.
- Perform risk assessments of IT infrastructure and applications and make recommendations for improvements based on the client’s stated risk tolerance levels.
- Develop materials and processes to assist clients with implementing both technical and non-technical controls.
- Assist with incident response during security events.
Requirements
- Accountability
- Active Listening
- Adaptability
- Communication
- Customer Oriented
- Decision Making
- Initiative
- Problem Solving
- Project Management
- Working Under Pressure
Competencies
- Accountability
- Active Listening
- Adaptability
- Communication
- Customer Orientation
- Decision Making
- Initiative
- Problem Solving
- Project Management
- Working Under Pressure
Requirements
- Minimum of 1450 billed per fiscal year prorated based on start date.
- These charge hour requirements will be balanced against professional development and on the job training.
Required Experience
- 2+ years of related experience
- 2+ years implementing Cybersecurity Programs
- 2+ years implementing Compliance and Governance Programs
Preferred Experience
- 4+ years of IT Systems implementation or management experience
- 4+ years implementing compliance programs
- 4+ years in leadership role
Required Skills, Education and/ or Certifications
- CISSP or other current industry standard certifications in areas of security expertise
- Experience as a security consultant, analyst, engineer, system administrator, IT lead, or similar role focused on information security responsibilities
- Demonstrated experience with regulatory/compliance requirements (e.g., PCI, HIPAA/HITRUST, SOX, FISMA), information security frameworks and controls (e.g., NIST, ISO, CIS)
- Demonstrated experience reviewing and recommending appropriate technical, administrative, and physical controls
- Demonstrated experience selecting and implementing appropriate risk mitigation strategies to ensure IT systems remain within established risk tolerance levels
- Ability to develop policies, standards and baseline configurations
- Strong attention to detail and ability to document findings and convey information
- Ability to manage project deliverables and deadlines
- Ability to provide superior customer service via phone and email
- Strong listening and presentation skills
- Ability to clearly communicate with co-workers, management, clients, and vendors
Preferred Skills, Education and/ or Certifications
- Healthcare compliance, privacy, or security certification
- Certified Information Systems Security Professional (CISSP) or equivalent
- Certified Information Systems Auditor (CISA) or equivalent (CISM)
- Certified in Risk and Information Systems Control (CRISC) or equivalent