SENIOR SECURITY SPECIALIST - RISK AND COMPLIANCE

[BECOME A KNIGHT IN CYBER ARMOR]

Overview

Title:

Senior Security Specialist - Risk and Compliance

Supervisor:

Cybersecurity Service Manager

Status:

Full-Time

Start Date:

Immediately

Travel Requirements:

Up to 50%

Position Description

The Senior Security Specialist is a credentialed and experienced cybersecurity professional who has in-depth knowledge of information security concepts and functions. This individual has the capability to manage and implement a cybersecurity program and understands key business processes including risk management and compliance. The Senior Security Specialist consults, advises and leads execution of short and long-term solutions for GreyCastle Security clients in a wide range of business environments.

Position Responsibilities

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Service Delivery

    • Act as a project lead for delivery of solutions and services
    • Consult with clients in a wide range of business-relevant cybersecurity topics
    • Provide leadership, mentorship and direction to members of the team
    • Use clear and concise written and verbal communication to accomplish business objectives
    • Expertly present cybersecurity concepts, issues and findings to clients and stakeholders
    • Deliver services in-line with GreyCastle Security standards
  • Training & Professional Development

    • Complete GreyCastle training as required
    • Maintain proficiency in and awareness of security services, industry trends, tactics, techniques and processes
    • Actively participate in the Individual Development Process to proactively identify, participate and execute against training and professional growth initiatives
  • Culture

    • Lead, model, and support GreyCastle Security’s Values, VIBES, and 4Crowns
    • Actively participate in training seminars and workshops that align to GreyCastle Security’s Values, VIBES, and 4Crowns
  • Other job duties and responsibilities as assigned.

Supervisory Responsibility

This position has no supervisory responsibilities.

Work Environment

This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to stand; walk; use hands to finger, handle or feel; and reach with hands and arms.

This position requires the ability to occasionally lift office products and supplies, up to 20 pounds.

Position Type/Expected Hours of Work

This is a full-time position, and hours of work and days are Monday through Friday, 8:00 a.m. to 5 p.m.

Competencies

  • • Business Acumen
  • • Risk Management
  • • Compliance (ex. ISO 27001, SOC2 and HIPAA)
  • • Consulting & Advisory
  • • Presentation Capability
  • • Client Relationship Management
  • • Solutioning
  • • Collaboration
  • • Communication
  • • Organization
  • • Service Delivery
  • • Technical Capacity

Required Skills and Qualifications

  • Proficiency with Microsoft Office and other productivity applications

Required Education and Experience

  • CISSP, GPEN, CISM, CISA, GIAC or other security-related certification commensurate with the job duties and responsibilities
  • 5+ years of information security experience
  • 2+ years of security assessment experience, including ISO 27002, HIPAA, PCI, NYS DFS, DFARS, NIST 800-53/800-171 or other related information security standards

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.