Title: Security Specialist, Risk Assessment

Supervisor: Vice President, Services

Status: Full-Time, Exempt

Start: Immediately

Travel Requirements: Up to 50%


The Security Specialist, Risk Assessment participates in assessments and consults with GreyCastle Security clients in a wide range of security domains, including risk assessment, awareness, incident response, penetration testing and vulnerability assessment. The Security Specialist is a critical team member and is essential to the delivery of security services at GreyCastle Security.

General Responsibilities

  • Support senior team members as they advise and consult with clients in a wide range of security domains, including risk assessment, awareness, incident response, penetration testing and vulnerability assessment
  • Contribute to project management, communications and other activities required for successful service delivery
  • Maintain proficiency in and awareness of security services, industry trends, tactics, techniques and procedures
  • Maintain proficiency with security tools, where applicable
  • Act as a cybersecurity resource for GreyCastle Security clients
  • Initiate and participate in process improvement
  • Support senior members in all aspects of security and risk assessment
  • Produce detailed findings and recommendations, and deliver those findings to senior management, board members and key stakeholders

Risk Assessment (RA) Practice Skills and Responsibilities

The Security Specialist, Risk Assessment role is for individuals who fully understand security and risk assessment concepts and can apply them in real-world businesses. Ultimately, the Security Specialist, Risk Assessment must be able to advise, consult and provide the following:

  • Plan and participate in security and risk assessment based on industry recognized standards, including NIST 800-53, NIST 800-30, ISO 27002, HIPAA, and PCI
  • Participate in client conversations and interviews in a professional and meaningful way
  • Participate in Vendor Risk Assessment using industry standard controls, including NIST 800-53
  • Participate in risk management activities to support creation and adoption of a risk management strategy
  • Produce detailed findings and recommendation documentation

Required Skills and Qualifications

  • Information Security experience not required
  • Advanced knowledge of Microsoft Word and Excel
  • Outstanding communication skills, both written and verbal
  • Outstanding organization skills, attention to detail a must
  • Outstanding decision-making ability
  • Uncompromising ethics
  • Energetic and positive attitude
  • Willingness and ability to work in a controlled, confidential environment
  • Willingness and ability to work in a team-oriented, fast-paced environment
  • Willingness and ability to work relentlessly towards goals and deadlines

Desired Skills and Qualifications

  • CISSP, GPEN, CEH, CISM, CISA, GIAC or other security-related certifications
  • Familiarity with a broad range of computing platforms and network protocols
  • Familiarity with regulatory mandates, including HIPAA, HITECH, GLBA, FERPA and others
  • Proficiency with Windows, Linux and other operating systems
  • Proficiency with Microsoft Office, including PowerPoint
  • Proficiency with Customer Relationship Management (CRM) applications and principles