Senior Security Specialist - Risk


Cybersecurity Services Manager



Start Date:


Travel Requirements:

Up to 50%

Position Description

The Senior Security Specialist is a credentialed and experienced cybersecurity professional who has in-depth knowledge of information security concepts and functions. This individual has the capability to manage and implement a cybersecurity program and understands key business processes including risk management and compliance. The Senior Security Specialist consults, advises and leads execution of short and long-term solutions for GreyCastle Security clients in a wide range of business environments.

Position Responsibilities

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Service Delivery

  • Plan, lead, and deliver controls-based gap assessments
  • Facilitate risk management workshops to prioritize risk
  • Advise on risk treatment and corrective action plans, providing real-world solutions to solve problems
  • Act as a project lead for delivery of solutions and services such as Data Classification, Policy Development, and Vendor Risk Management and Assessment
  • Consult with clients on a wide range of business-relevant cybersecurity topics, including but not limited to asset inventory, risk assessment, data classification, policies, controls and procedures, awareness, vendor risk management and incident response
  • Have a general knowledge of technical projects and their contributions to the cybersecurity lifecycle
  • Produce and deliver detailed findings and recommendations in professional, accurate and digestible formats, in accordance with agreed-upon timelines
  • Partner with Security Program and Project Managers to ensure timely delivery in line with client expectations
  • Provide leadership, mentorship, and direction to members of the team
  • Use clear and concise written and verbal communication to accomplish business objectives
  • Expertly present cybersecurity concepts, issues and findings to clients and stakeholders
  • Provide presentation of findings to senior-level staff and executive/board members
  • Deliver services in line with GreyCastle Security standards

Training & Professional Development

  • Complete GreyCastle training as required
  • Maintain proficiency in and awareness of security services, industry trends, tactics, techniques and processes
  • Actively participate in the Individual Development Process to proactively identify, participate in and execute against training and professional growth initiatives

Corporate Responsibility

Information security is everyone's responsibility:

  • Understanding and following GreyCastle Security’s information security policies and procedures.
  • Remaining vigilant and reporting any suspicious activity or possible weaknesses in GreyCastle Security’s information security.
  • Actively participating in GreyCastle Security’s efforts to maintain and improve information security.

Supervisory Responsibility

This position has no supervisory responsibilities.

Work Environment

This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to stand; walk; use hands to finger, handle or feel; and reach with hands and arms.

This position requires the ability to occasionally lift office products and supplies, up to 20 pounds.

Position Type/Expected Hours of Work

This is a full-time position, and hours of work and days are Monday through Friday, 8:00 a.m. to 5 p.m.


  • Business Acumen
  • Risk Management
  • Compliance (e.g., ISO 27001, SOC 2 and HIPAA)
  • Consulting & Advisory
  • Presentation Capability
  • Client Relationship Management
  • Solutioning
  • Collaboration
  • Communication
  • Organization
  • Service Delivery
  • Technical Capacity

Required Education and Experience

  • Bachelor’s Degree or equivalent professional experience in the cybersecurity industry
  • CISSP, GPEN, CISM, CISA, GIAC or other security-related certification commensurate with the job duties and responsibilities
  • 3+ years of information security experience
  • 1+ years of security assessment experience, including NIST 800-53, NIST 800-171, NIST CSF, HIPAA, PCI, NYS DFS or other related information security standards

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Equal Opportunity Employer

GreyCastle Security is an equal opportunity employer, and considers qualified applicants for employment without regard to race, color, creed, religion, national origin, sex, sexual orientation, gender identity and expression, age, disability, or protected veteran status, or any other protected factors or classes.