Security Consultant

Job description

A Security Consultant is a sort of guide or security guru. An expert consultant designs and implements the best security solutions for an organization's needs.

  • Lead delivery of solutions to clients independently or as a team lead
  • Determine the most effective way to protect computers, networks, software, data and information systems against any possible attacks
  • Interview staff and heads of departments to determine specific security issues
  • Perform vulnerability testing, risk analyses and security assessments
  • Research security standards, security systems and authentication protocols
  • Prepare cost estimates and identify integration issues for IT project managers
  • Plan, research and design robust security architectures for any IT project
  • Test security solutions using industry standard analysis criteria
  • Deliver technical reports and formal papers on test findings
  • Provide technical supervision for (and guidance to) a security team
  • Define, implement and maintain corporate security policies
  • Respond immediately to security-related incidents and provide a thorough post-event analysis
  • Update and upgrade security systems as needed

Assist in engagement management activities where needed, including but not limited to support of:

  • Assignment of peer reviewers for quality control activities
  • Statement of Work creation
  • Scoping of projects
  • Project management activities
  • Support resourcing for engagements
  • Assist in development of sales collateral
  • Support identification and closing on sales opportunities
  • Provide thought leadership and create associated documentation such as presentations and white-papers

Requirements and skills

  • 5+ years' experience in IT security, compliance and risk management, including privacy, controls, etc.
  • Broad experience and expert understanding of data privacy regulations and concepts including GDPR, UK IGToolkit, country and state privacy and data breach notification laws, HIPAA privacy rule
  • Broad experience and expert understanding of IT Risk Management (inc. Information Security, Data Privacy, Vulnerability Management)
  • Experience advising customers on architectures meeting industry standards such as PCI DSS, ISO 27001, HIPAA, and NIST/DoD frameworks
  • Experience with enterprise risk management methods and techniques to drive successful outcomes in a multi-national environment
  • Experience with cloud computing technologies and workload transition challenges
  • BS level degree or equivalent experience required; computer science, business or math background preferred

Preferred Qualifications

  • Implementation experience with enterprise governance, risk, and compliance software packages
  • Experience implementing security controls around ERP & business productivity packages including SAP, Oracle
  • Familiarity with archive, backup/recovery and business continuity processes in distributed operations
  • Demonstrated ability to think strategically about business, product, and technical challenges
  • Highly technical and analytical, possessing 7 or more years of IT implementation experience
  • Implementation of AWS services in a distributed environment with Microsoft, IBM, Oracle, HP, SAP etc.
  • Experience building enterprise governance, risk, and compliance programs or driving the program's evolution to meet new requirements
  • Experience leading the certification or accreditation of cloud workload(s) to meet industry standards such as PCI DSS, ISO 27001, HIPAA, and NIST/DoD frameworks
  • Strong verbal and written communications skills and ability to lead effectively across organizations

Technical experience and expert understanding of:

  • Risk, vulnerability and threat assessments
  • Third party, cloud and internal risk management
  • Readiness and compliance assessments
  • Information security strategy, architecture and framework design
  • Information security program implementations
  • Network security engineering and architecture
  • Tools and technology implementations (e.g., firewall and application level firewalls, data leakage prevention, digital rights management, IDS / IPS, etc.)
  • Broad understanding and experience with industry standards, frameworks, and regulations including but not limited to: NIST CSF, ISO 27000 series, COBIT, NIST SP 800-53, PCI DSS, HIPAA, GLBA
  • Business development experience
  • Experience managing professional services projects
  • Strong project management and communication skills
  • Strong writing skills are a requirement
  • Experience collaborating with corporate legal teams
  • Ability to work independently while being a team player
  • Industry Standard Certifications (e.g., CISSP, CISA) preferred
  • Advanced degrees (e.g., Masters, MBA) preferred