Security Specialist


Cybersecurity Service Manager



Start Date:


Travel Requirements:

Up to 65%

Position Description

The Security Specialist provides foundational business-focused cybersecurity solutions, including risk assessment, governance, data classification, policies, controls and procedures, awareness, vendor risk management, and incident response. Other responsibilities include leading delivery of client solutions and acting as a trusted advisor to help solve business-critical problems. This position is a critical member of a cybersecurity-focused business solution team, composed of capable and high-caliber cybersecurity professionals.

Position Responsibilities

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Support senior team members as they advise and consult with Clients in a wide range of compliance and security domains, including risk assessment, awareness, incident response, penetration testing and vulnerability assessment
  • Contribute to project management, communications and other activities required for successful service delivery
  • Maintain proficiency in and awareness of security services, industry trends, tactics, techniques and procedures
  • Maintain proficiency with security tools, where applicable
  • Act as a cybersecurity resource for GreyCastle Security Clients
  • Initiate and participate in process improvement
  • Produce detailed findings and recommendations, and deliver those findings to senior management, board members and key stakeholders
  • Plan and participate in security and compliance assessment and program development activities based on industry-recognized standards and frameworks (e.g., NIST 800-53, NIST 800-171, NIST CSF, HIPAA, PCI, ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 22301)
  • Participate in Client conversations and interviews in a professional and meaningful way
  • Participate in Vendor Risk Assessment using industry standard questionnaires
  • Participate in risk management activities to support creation and adoption of a risk management strategy
  • Produce detailed findings and recommendation documentation

Corporate Responsibility

Information security is everyone’s responsibility. GreyCastle Security employees are responsible for:

  • Understanding and following GreyCastle Security’s information security policies and procedures
  • Remaining vigilant and reporting any suspicious activity or possible weaknesses in GreyCastle Security’s information security
  • Actively participating in GreyCastle Security’s efforts to maintain and improve information security
  • Other job duties and responsibilities as assigned

GreyCastle Security considers this position Moderate Risk with an unlikely potential to view, access, or download restricted information, private client information or internal data. This information must be treated with sensitivity and in the most secure manner.

Supervisory Responsibility

This position has no supervisory responsibilities.

Work Environment

This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to stand; walk; use hands to finger, handle or feel; and reach with hands and arms.

This position requires the ability to occasionally lift office products and supplies, up to 20 pounds.

Position Type/Expected Hours of Work

This is a full-time position. Days and hours of work are Monday through Friday, 8:00 a.m. to 5:00 p.m.

Required Education and Experience

  • 3+ years of experience in the cybersecurity industry working with business customers
  • Bachelor’s Degree or equivalent professional experience in the cybersecurity industry
  • Demonstrated proficiency in leading and supporting cybersecurity services, including but not limited to risk assessment, data classification, policy/standards procedure development, awareness, vendor risk management, incident response, vulnerability management and penetration testing
  • Demonstrated experience implementing core services to meet industry-accepted standards and compliance frameworks such as HIPAA, NIST, ISO, etc.
  • Proficient in presenting to senior-level customer staff

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Equal Opportunity Employer

GreyCastle Security is an equal opportunity employer, and considers qualified applicants for employment without regard to race, color, creed, religion, national origin, sex, sexual orientation, gender identity and expression, age, disability, or protected veteran status, or any other protected factors or classes.