Cosant Cyber Security advisors, consultants and vCISOs all have a unique blend of business savvy, information technology experience and deep information security expertise. Our staff is fluent in communicating with all staff from technicians to engineers to the C-suite and Board of Directors.
Our advisors, consultants and vCISOs are required to pass a comprehensive background check with FBI’s Infragard program, hold a B.S. Degree in Information Technology or a subfield and maintain current CISSP, CISM or PMP certification status. Additionally, 5 years of direct experience providing executive level IT and Cyber Security leadership is required. Many of our staff have these qualifications in tandem with decades of progressive information technology and security experience.
Senior Security Consultant
The Senior Security Consultant is a proven expert in information security concepts and functions. In this role, you will consult, strategize and lead Cosant clients in a wide range of information security projects to reduce exposure and risk, and achieve compliance requirements.
The Senior Security Consultant has expertise in managing and implementing cybersecurity and related compliance solutions in a consultant role. They have a comprehensive understanding of key cybersecurity domains of governance, risk and compliance, as well as how to balance business effectiveness with risk reduction.
The target candidate must be able to communicate effectively to lead C-level executives, senior managers, and IT professionals to make informed decisions that align business objectives with cyber security objectives.
Lead and support cyber security projects with the following activities:
Manage cyber security risk assessments in a vCISO (virtual chief information security officer) capacity, based on one or more of the following security/compliance frameworks
CMMC, NIST 800-53, NIST 800-171, NIST CSF
ISO 27001 and related ISO standards
SOC2, HIPAA, PCI
Consult with client and stakeholders to align business and security objectives.
Write/Revise System Security Plans (SSPs) and Plan of Actions and Milestones (POAM).
Recommend controls to mitigate risks and achieve compliance based on the target framework.
Write implementation/control statements in the engagement’s GRC tool.
Lead the execution of the program, establishing mutual expectations and deadlines, as well as documenting accomplishments and action items, and ensuring timely execution.
Lead the participants in the program, including client representatives, IT and/or Managed Service Provider staff, security engineers.
Work with the audit firm to ensure the various controls meet requirements.
Participate in sales calls, industry events and webinars, as an industry expert, supporting marketing and sales results.
Comprehensive knowledge of cyber security and related security/compliance frameworks
Detailed understanding of cyber security concepts and techniques, as demonstrated by certification in one or more of the following professional certifications:
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Certified in Risk & Information Systems Controls (CRISC)
Certified Data Privacy Solution Engineer (CDPSE)
Certified Chief Information Security Officer (C|CISO)
Certified Cloud Security Knowledge (CCSK)
Security and Information Technology expertise suitable to make recommendations for implementation of technical and physical security controls, as well as execution of administrative controls.
Proven project management experience
Delivering client-focused solutions based on customer needs
Proven ability to manage multiple projects at a time while paying strict attention to detail and deadlines
Excellent verbal and written communications skills
Strong working knowledge and a deep understanding of what is required to evidence the security controls for formal auditing/certifications
Education and Experience
Bachelor’s degree required; preferably in technology or Business
10 or more years of relevant Information Technology and Security experience
Proven experience implementing standards-based information security standards