San Jose, California (Remote Positions Available)
Our San Jose, California-based Information Security Services Firm has an immediate opening for a Senior Consultant to support our Strategic Advisory Services practice. This is a key position that will require you to put your technical expertise, consulting, and auditing experience to work to provide consulting and remediation support services to our clients. AppSec Consulting’s goal is to help our customers navigate complex security, privacy, and compliance issues; we focus on building long-term relationships in our role as trusted advisors.
This position will require spending approximately 75% of your time performing assessment, advisory, and technical consulting services, and approximately 25% assisting with internal projects. You will be expected to lead assessments from start to finish, effectively communicate with peers and customers, and produce high-quality deliverables while adhering to project timelines.
Primary Job Duties – Consulting and Advisory Services
- Providing expert assessment and remediation advice to our customers related to Service Organization Controls (SOC 1 and SOC 2), ISO/IEC 27001:2013, Privacy Shield, and the General Data Protection Regulation (GDPR).
- Performing IT risk assessments based on ISO/IEC 27005 and developing tailored risk treatment options.
- Creating project plans, milestones, deliverables, and assisting clients throughout the project lifecycle.
- Developing and tailoring security policies relevant to the organization’s culture, objectives, and risk tolerance.
- Performing activities to support our customers’ data privacy programs, such as Data Privacy Impact Assessments, data inventory and dataflow mapping, review of contractual clauses, third party review, and assistance in development of policies and practices used to support programs aligned with current privacy laws and regulations.
- Creating professional reports for our clients that detail assessment findings. Quality reports are very important to us as they allow us to differentiate ourselves in the marketplace - our reports are tailored to our clients’ business and include a roadmap of practical, actionable steps for improving their security, governance, risk, compliance, and privacy posture.
- Consulting with clients to provide expert advice to help them understand their regulatory and compliance requirements, our assessment findings, and introducing practical remediation options.
- Providing presales and scoping assistance as needed.
- Supporting our PCI DSS practice as needed.
This position can be performed remotely. Though our company is headquartered in San Jose, California, this position will have a strong focus on supporting a geographically diverse client base. The position will sometimes require travel to remote client locations both within and outside of the United States.
Key qualifications for the candidate that we will consider include:
- Minimum of seven years in the information security, governance, risk, compliance, and data privacy fields doing work similar to what is described above.
- Information security audit and management certifications are preferred (such as CISA, CISM, CISSP, ISO 27001 expert or Lead Auditor/Implementer).
- Candidates with Payment Card Industry Data Security Standard (PCI DSS) experience are preferred (PCI QSA, PCI ISA, or PCIP) but not required.
- Relevant privacy certifications such as the CIPP/E, CIPP/US, and CIPM are strongly preferred.
- Experience with contract and third-party assessment related to data protection and privacy preferred.
- A background in the legal aspects of data privacy is preferred (though we do not provide legal advice to our customers).
- Familiarity and experience with a variety of security products and technologies - for example, network firewalls, web application firewalls, antivirus solutions, Data Loss Prevention products, and encryption technologies. We do not expect you to be an expert in all of these areas, but having a broad knowledge of the information security space is a plus for this type of work. Our team includes specialists in application and network security who are available for technical collaboration when needed.
- Strong customer focus. The goal should be to make customers happy enough that they ask for you to be sent back to do more work for them.
- Strong written and verbal communication skills.
- Desire to learn and become an ambassador for AppSec Consulting’s growing brand in the information security and data privacy communities.
- Desire to maintain knowledge of ongoing security, compliance, risk, and privacy industry developments.
- Excellent organizational skills.
- Honesty and integrity.
- Enthusiastic, responsible, proactive, and dependable team player.
- A willingness to identify and solve problems through creative thinking and collaboration.
- Ability to work efficiently and meet project deadlines with minimal supervision.
- Willingness to travel when necessary.
- Willingness to work odd hours at times. For the most part this is a Monday-Friday 8:00 to 5:00 position; however, client requirements and the project-based nature of our work may occasionally require some flexibility in schedule.
- Must undergo criminal background check and drug testing.
- Competitive salary including performance incentives.
- Company-sponsored medical, dental, vision and life insurance.
- Company-sponsored training budget and career growth opportunities.
- Company-sponsored 401k program with 4% match.
- Company-paid industry certifications necessary for your position (such as CISA, CISM, CISSP, ISO 27001 expert or Lead Auditor/Implementer etc.).
- Small, dynamic environment that encourages and rewards initiative and creativity.
If you think you’re the right person for this challenging and fun career opportunity, please send your resume to email@example.com.