Overview

Title: Senior Security Specialist, Risk Assessment (RA)

Supervisor: Vice President, Services

Status: Full-Time, Exempt

Start: Immediately

Travel Requirements: Up to 50%

Description

The Senior Security Specialist (RA) conducts risk assessments and consults with GreyCastle Security clients in a wide range of security domains, including risk assessment, governance, awareness, incident response, penetration testing and vulnerability assessment. The Senior Security Specialist (RA) is a critical team member and is essential to the delivery of security services at GreyCastle Security.

Position Responsibilities

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Consult with Clients in a wide range of security domains, including risk assessment, governance, awareness, incident response, penetration testing and vulnerability assessment
  • Contribute to project management, communications and other activities required for successful service delivery
  • Maintain proficiency in and awareness of security services, industry trends, tactics, techniques and procedures
  • Maintain proficiency with security tools, where applicable
  • Provide direction to members of the team
  • Act as a cybersecurity resource for GreyCastle Security clients
  • Provide leadership and initiate process improvement
  • Act as a mentor and provide guidance to junior team members

Risk Assessment (RA) Practice Skills and Responsibilities

The Senior Security Specialist (RA) role is for individuals who have mastered risk assessment concepts and can apply them in real-world businesses. Ultimately, the Senior Security Specialist (RA) must be able to advise, consult and provide the following:

  • Application of Risk Management Principles
  • Plan and lead risk assessments based on industry-recognized standards, including NIST 800-53, NIST 800-30, ISO 27002, HIPAA, and PCI
  • Conduct Client conversations and interviews in a professional and meaningful way
  • Conduct Vendor Risk Assessment using industry-standard controls, including NIST 800-53
  • Conduct risk management activities to support creation and adoption of a risk management strategy
  • Produce and deliver detailed findings and recommendation documentation
  • Provide presentation of findings to senior-level staff and board members

Required Education and Experience:

  • CISSP, GPEN, CISM, CISA, GIAC or other security-related certifications
  • 5+ years of information security experience
  • 3-5 years of security risk assessment experience
  • Advanced knowledge of Microsoft Word and Excel

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.