Careers at Cosant Cyber Security

Cosant Cyber Security advisors, consultants and vCISOs all have a unique blend of business savvy, information technology experience and deep information security expertise. Our staff is fluent in communicating with everyone from technicians to engineers to the C-suite and Board of Directors.

Our advisors, consultants and vCISOs are required to pass a comprehensive background check with the FBI’s InfraGard program, hold a B.S. degree in Information Technology or a subfield, and maintain current CISSP, CISM or PMP certification status. Additionally, 5 years of direct experience providing executive-level IT and Cyber Security leadership is required. Many of our staff have these qualifications in tandem with decades of progressive information technology and security experience.

Current Positions:

Senior Security Consultant

The Senior Security Consultant is a proven expert in information security concepts and functions. In this role, you will consult, strategize and lead Cosant clients in a wide range of information security projects to reduce exposure and risk, and achieve compliance requirements.

IT’S ABOUT YOUR RISK AND REPUTATION, NOT YOUR TECHNOLOGY. ®

The Senior Security Consultant has expertise in managing and implementing cybersecurity and related compliance solutions in a consultant role. They have a comprehensive understanding of key cybersecurity domains of governance, risk and compliance, as well as how to balance business effectiveness with risk reduction.
The target candidate must be able to communicate effectively to lead C-level executives, senior managers, and IT professionals to make informed decisions that align business objectives with cyber security objectives.

Essential Functions

  • Lead and support cyber security projects with the following activities:
  • Manage cyber security risk assessments in a vCISO (virtual chief information security officer) capacity, based on one or more of the following security/compliance frameworks:
    • CMMC, NIST 800-53, NIST 800-171, NIST CSF
    • ISO 27001 and related ISO standards
    • FedRAMP
    • SOC2, HIPAA, PCI
  • Consult with client and stakeholders to align business and security objectives.
  • Write/revise System Security Plans (SSPs) and Plans of Action and Milestones (POAMs).
  • Recommend controls to mitigate risks and achieve compliance based on the target framework.
  • Write implementation/control statements in the engagement’s GRC tool.
  • Lead the execution of the program, establishing mutual expectations and deadlines, as well as documenting accomplishments and action items, and ensuring timely execution.
  • Lead the participants in the program, including client representatives, IT and/or Managed Service Provider staff, and security engineers.
  • Work with the audit firm to ensure the various controls meet requirements.
  • Participate in sales calls, industry events and webinars, as an industry expert, supporting marketing and sales results.

Skills Required

  • Comprehensive knowledge of cyber security and related security/compliance frameworks
  • Detailed understanding of cyber security concepts and techniques, as demonstrated by certification in one or more of the following professional certifications:
    • Certified Information Systems Security Professional (CISSP)
    • Certified Information Security Manager (CISM)
    • Certified Information Systems Auditor (CISA)
    • Certified in Risk and Information Systems Control (CRISC)
    • Certified Data Privacy Solutions Engineer (CDPSE)
    • Certified Chief Information Security Officer (C|CISO)
    • Certificate of Cloud Security Knowledge (CCSK)
    • CompTIA Security+
    • ITILv3
  • Security and Information Technology expertise suitable to make recommendations for implementation of technical and physical security controls, as well as execution of administrative controls.
  • Proven project management experience
  • Delivering client-focused solutions based on customer needs
  • Proven ability to manage multiple projects at a time while paying strict attention to detail and deadlines
  • Excellent verbal and written communication skills
  • Strong working knowledge and a deep understanding of what is required to evidence the security controls for formal auditing/certifications

Education and Experience

  • Bachelor’s degree required, preferably in technology or business
  • 10 or more years of relevant Information Technology and Security experience
  • Proven experience implementing information security standards
  • Business and technology consulting

Competencies

  • Self-driven and autonomous
  • Entrepreneurial
  • Continual learner
  • Ability to prioritize among competing tasks
  • Critical thinking and problem-solving skills

Apply Here