Senior Cybersecurity Advisor
EPITEC · Little Canada, MN · 5 days ago
Information TechnologyContract
Responsibilities
- Develop and maintain security guidance documentation, including standards and frameworks
- Conduct full-stack architecture reviews of products and platforms, including consumer identity platforms
- Perform cybersecurity threat modeling and prepare outputs for review by internal and external stakeholders
- Establish, document, and monitor compliance with risk-based and regulatory-informed cybersecurity requirements for individual products
- Collaborate with product designers and developers to ensure security considerations are integrated early into product design discussions
- Validate the security of product software supply chains and product deployment pipelines
- Develop risk mitigation strategies and recommend appropriate security controls
- Evaluate the effectiveness of product cybersecurity controls
- Identify and effectively communicate cyber risk trends
- Ensure risk management plans are clearly documented, actionable, and accurately reflect the organization’s risk tolerance
- Track and ensure product compliance with defined vulnerability remediation SLAs.
- Participate in governance forums, architecture reviews, and technical discussions as a representative of Product Cybersecurity
Qualifications
- 7+ years of experience in cybersecurity or technology architecture, assessment, or consulting with a focus on the development of secure digital product technologies
- Experience conducting risk assessments, control assessments, and governance reporting
- Strong understanding of modern technology stacks, including cloud-native architectures and API-driven services
- Strong understanding of core concepts related to identity and access management, secure software development, network security, and cryptography
- Familiar with device to device, service to service, and consumer identity and access management practices
- Familiarity with modern phishing-resistant authentication technologies, including WebAuthn and Passkeys
- Knowledge of global medical device regulatory frameworks
- Excellent analytical, problem-solving, and communication skills
- Working knowledge of security frameworks and standards (e.g., NIST, ISO/IEC 27001, PCI DSS)
- Strong collaboration and influencing skills, with the ability to work effectively across technical and business teams
- Exceptional written and verbal communication skills, with the ability to tailor complex information for diverse audiences
- Strong analytical and problem solving skills, with the ability to work independently and manage multiple priorities
- Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Information Assurance, Software Engineering, or a related field
- Preferred qualifications: cybersecurity experience across e-commerce, mobile apps, IoT, or medical devices. Preferred certifications include CISSP, HCISPP, CISM, CCSP, SABSA Foundation, CISA, or similar industry-recognized certifications