Senior Security Consultant
Location:
Chicago or Remote, US
About VikingCloud
VikingCloud is the leading Predict-to-Prevent cybersecurity and compliance company, offering businesses a single, integrated solution to make informed, predictive, and cost-effective risk mitigation decisions – faster. Powered by the Asgard Platform, the industry's largest repository of anonymized cybersecurity and compliance event data, we continuously monitor and analyze over 6+ billion online events every day.
VikingCloud is the one-stop partner trusted by 4+ million customers to provide the predictive intelligence and competitive edge they need to stay one step ahead of cybersecurity and compliance disruptions to their business. Our 1,000 dedicated cybersecurity and compliance expert advisors understand that it's not just about technology. It's about transacting business and delivering an exceptional customer experience every day, without fail. That's the measurable value we deliver. And that's what we call, Business Uninterrupted.
This Position
As a Qualified Security Assessor (QSA), you will provide assessments and consulting to our clients. The Senior Security Consultant will focus their efforts on client-facing delivery of various security regulatory and best practice consulting engagements, including PCI DSS, Secure Software (SSF), PIN, 3DS, P2PE, and Card Production Assessments. You will manage your own book of work and be the master of your own work schedule to the degree that it coincides with your clients' requirements (that have been assigned to you) and delivery times required. You will conduct remote assessment activities and travel to client locations which usually last anywhere from 3-5 days for on-site activities over a 3–5-month timeframe for a single engagement. You will be working on an average of 3-4 active projects at any given time.
Responsibilities
Perform both consulting, advisory, and assessment services.
Maintain relevant certification required by industry and complete ongoing continuing education required by certifications.
Provide competent and relevant cybersecurity, governance, compliance, risk, and auditing in accordance with various regulations and standards.
Provide engagement management and high-level project management for delivery of services to multiple clients assigned to you by management.
Evaluate client compliance with regulations such as PCI DSS, ISO 27K series, NIST, or other compliance standards and frameworks.
Conduct audits and risk assessments based on NIST standards like the NIST Risk Management Framework, NIST Cyber Security Framework, NIST Privacy Framework, and ISO frameworks for risk and cybersecurity.
Provide consultative support with clients in using risk assessment and audits based on NIST or ISO27002.
Share your expertise with clients and colleagues to aid in decision-making on strategy and scope as well as deep technical projects like web application architecture and security.
Provide clear, organized findings and recommendations to clients and track progress towards resolution and compliance.
Produce detailed, high-quality reports for clients and industry third parties like payment card brands and the PCI Security Standards Council.
Learn from our close-knit group of consultants and contribute your thoughts, tools, industry news, or lessons learned.
Work with clients to implement practices to produce secure applications and identify and eliminate security vulnerabilities.
Work independently, undertaking information security engagements including coordination and project management (client interaction, deliverables, work plans, escalations, etc.).
Grow the business by identifying up-sells with existing and potential clients.
Provide regular status reports on all projects assigned.
Be a team player and have the capability to expand/adapt your skills in a fast-paced, ever-changing industry.
Qualifications
Bachelor's degree or similar, and/or at least seven (7) years of experience in a consulting or audit role, or experience in Information Security or IT security.
At least one industry-recognized professional certification from each of the lists below:
List A: (ISC)2
Certified Information System Security Professional (CISSP)
ISACA Certified Information Security Manager (CISM)
Certified ISO 27001 Lead Implementer
List B: ISACA
Certified Information Systems Auditor (CISA)
Certified ISO 27001 Lead Auditor, Internal Auditor 1
IRCA ISMS Auditor or higher (e.g., Auditor/Lead Auditor, Principal Auditor)
IIA Certified Internal Auditor (CIA)
PCI DSS QSA certification beneficial (although not required; we will get you certified).
Experience working in sectors such as retail, banking, fintech, software development, or any industry where card payments are accepted.
Strong understanding of IT infrastructure including applications, servers, databases, network devices, and security solutions.
Strong understanding of IT and security processes including change control, patch management, vulnerability management, configuration management, incident response, etc.
Experience with software development methodologies and practices.
Virtualization experience beneficial.
Cloud security (AWS, Oracle) experience beneficial.
Understanding of regulatory requirements and compliance issues affecting clients related to privacy and data protection.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, political affiliation or opinion, medical condition, status as a veteran, or any other federal, state, or local protected class.
#J-18808-Ljbffr
