Job Description

Role: GRC, CyberSecurity Consultant


Duration: Contract
Work location : Louisville, KY (Permanent remote)



Description : The Security Consultant determines security requirements by evaluating business strategies and requirements. The Security Consultant work assignments are varied and frequently require interpretation and independent determination of the appropriate courses of action. Understands department, segment, and organizational strategy and operating objectives, including their linkages to related areas. Makes decisions regarding own work methods, occasionally in ambiguous situations, and requires minimal direction and receives guidance where needed. Follows established guidelines/procedures.


The Security Consultant will assist in developing the Third Party Continuous Monitoring Capability for Third-Party Cyber Risk (TPCRM) team. The Security Consultant identifies third party connections and security risk by evaluating network and security technologies; developing security requirements for third party onboarding, monitoring and offboarding; adhering to industry standards. This includes:
- Provide recommendations to reduce vendor risk and follow-up to ensure remediation plans are timely, effective, and appropriately implemented.
- Report engagement status and results, both verbally and in writing, to management
- Review and analyze technologies, processes, documentation, and data to identify any gaps in the effectiveness of TPM cybersecurity controls and operations
- Presenting information, updates, results, etc. to associates and leaders
- Support third party monitoring and offboarding operations. This includes:
- Provide recommendations to reduce vendor risk and follow-up to ensure remediation plans are timely, effective, and appropriately implemented.
- Report engagement status and results, both verbally and in writing, to management
- Review and analyze technologies, processes, documentation, and data to identify any gaps in the effectiveness of TPM cybersecurity controls and operations
- Presenting information, updates, results, etc. to associates and leaders
- Support third party monitoring and offboarding operations. This includes:
- Working with industry leading security tools to dynamically measure third party risks and report to various stakeholders
- Conducting data validation and cleanliness activities to ensure accurate reporting and integration with other teams and tools
- Partnering with cross-functional teams to further security leading practices in the offboarding of third parties
- Conducting data clean-up and lineage exercises between GRC tooling and related systems
- Advocate program capabilities to business stakeholders by demonstrating value and fostering awareness
- Assist in developing innovative solutions to help evaluate complex business, technology, and risk issues in a fast-paced environment


Required Qualifications
- Bachelor's degree in Business, Information Technology or related field
- Minimum of 3 years of technical cyber Security Consultants experience and IT audit/compliance
- Experience integrating Cyber Security technologies with existing technologies
- Proficient understanding of - and experience with - audit, regulatory requirements, and standards (SOC2, ISO, HITRUST), and other related standards and certification processes
- Must be passionate about contributing to an organization focused on continuously improving consumer experiences
- Willing to work in Eastern Time business hours


Preferred Qualifications
- Knowledge of key compliance and IT frameworks such as: SSAE16 SOC2, HITRUST, SOX, etc.
- CISA, CISSP, HCISPP, CCSP, CISM, CTPRP or similar certification United Software Group, Inc.

Job Tags

Permanent employment, Contract work, Remote job,

Similar Jobs