Overview

Title: Associate Security Specialist, Risk Assessment

Supervisor: Vice President, Services

Status: Full Time, Exempt

Start Date: Immediately

Travel Requirements: Up to 50%

Position Description

The Associate Security Specialist, Risk Assessment participates in assessments and supports consultation with GreyCastle Security clients in a wide range of security domains, including risk assessment, awareness, incident response, penetration testing and vulnerability assessment. The Associate Security Specialist is a supporting team member and is essential to the delivery of security services at GreyCastle Security.

General Position Responsibilities

  • Support senior team members as they advise and consult with clients in a wide range of security domains, including risk assessment, awareness, incident response, penetration testing and vulnerability assessment
  • Contribute to project management, communications and other activities required for successful service delivery
  • Maintain proficiency in and awareness of security services, industry trends, tactics, techniques and procedures
  • Maintain proficiency with security tools, where applicable
  • Act as a cybersecurity resource for GreyCastle Security resources
  • Participate in process improvement
  • Support senior members in all aspects of security and risk assessment

Risk Assessment Practice Skills and Responsibilities

The Associate Security Specialist, Risk Assessment position is reserved for individuals who understand security and risk assessment concepts. Ultimately, the Associate Security Specialist, Risk Assessment must be able to support all functions involved with the delivery of security and risk assessment, including:

  • Plan and participate in security and risk assessments based on industry-recognized standards, including NIST 800-53, NIST 800-30, ISO 27002, HIPAA, and PCI
  • Participate in client conversations and interviews in a professional and meaningful way
  • Participate in Vendor Risk Assessment using industry-standard controls, including NIST 800-53
  • Participate in risk management activities to support creation and adoption of a risk management strategy
  • Produce detailed findings and recommendation documentation

Required Skills and Qualifications

  • Information Security experience not required
  • Advanced knowledge of Microsoft Word and Excel
  • Outstanding communication skills, both written and verbal
  • Outstanding organizational skills; attention to detail a must
  • Outstanding decision-making ability
  • Uncompromising ethics
  • Energetic and positive attitude
  • Willingness and ability to work in a controlled, confidential environment
  • Willingness and ability to work in a team-oriented, fast-paced environment
  • Willingness and ability to work relentlessly towards goals and deadlines

Desired Skills and Qualifications

  • CISSP, GPEN, CEH, CISM, CISA, GIAC or other security-related certifications
  • Familiarity with a broad range of computing platforms and network protocols
  • Familiarity with regulatory mandates, including HIPAA, HITECH, GLBA, FERPA and others
  • Proficiency with Windows, Linux and other operating systems
  • Proficiency with Microsoft Office, including PowerPoint
  • Proficiency with Customer Relationship Management (CRM) applications and principles