Overview

Title: Security Specialist, Information Security Office

Supervisor: Vice President, Services

Status: Full Time, Exempt

Start Date: Immediately

Travel Requirements: Up to 50%

Position Description

The Security Specialist consults with GreyCastle Security clients in a wide range of security domains, including risk assessment, awareness, incident response, penetration testing and vulnerability assessment. The Security Specialist is a critical team member and is essential to the delivery of security services at GreyCastle Security.

General Position Responsibilities

  • Consult with clients in a wide range of security domains, including risk assessment, awareness, incident response, penetration testing and vulnerability assessment
  • Contribute to project management, communications and other activities required for successful service delivery
  • Maintain proficiency in and awareness of security services, industry trends, tactics, techniques and procedures
  • Provide support to members of the team
  • Act as a cybersecurity resource for clients and business partners
  • Assist with process improvement
  • Act as a mentor and provide guidance to junior team members

ISO Practice Skills and Responsibilities

The role of Security Specialist, Information Security Office is reserved for individuals who understand and apply ISO Practice services in real-world environments. This requires a working knowledge of business processes and how to effectively integrate security. Ultimately, the Security Specialist, Information Security Office must be able to support client initiatives in the following:

  • Application of Risk Management Principles
  • Data Classification
  • Information Security Policy Framework Implementation (NIST 800-53)
  • Development and Implementation of Security Controls to Address State/Federal/Commercial Regulations
  • Vendor Risk Management
  • Access Control

Required Education and Experience

  • CISSP, GPEN, CEH, CISM, CISA, GIAC or other security-related certifications
  • 2+ years of information security experience
  • 1-3 years of security assessment experience, including 27002, HIPAA, PCI and NIST
  • Advanced knowledge of Microsoft Word and Excel