Careers at Cosant Cyber Security

The Senior Security Consultant has expertise in managing and implementing cybersecurity and related compliance solutions in a consultant role. They have a comprehensive understanding of key cybersecurity domains of governance, risk and compliance, as well as how to balance business effectiveness with risk reduction.
The target candidate must be able to communicate effectively to lead C-level executives, senior managers, and IT professionals to make informed decisions that align business objectives with cyber security objectives.

Essential Functions

• Lead and support cyber security projects with the following activities:
• Manage cyber security risk assessments in a vCISO (virtual chief information security officer) capacity, based on one or more of the following security/compliance frameworks
  • CMMC, NIST 800-53, NIST 800-171, NIST CSF
  • ISO 27001 and related ISO standards
  • FedRAMP
  • SOC2, HIPAA, PCI
• Consult with client and stakeholders to align business and security objectives.
• Write/Revise System Security Plans (SSPs) and Plan of Actions and Milestones (POAM).
• Recommend controls to mitigate risks and achieve compliance based on the target framework.
• Write implementation/control statements in the engagement’s GRC tool.
• Lead the execution of the program, establishing mutual expectations and deadlines, as well as documenting accomplishments and action items, and ensuring timely execution.
• Lead the participants in the program, including client representatives, IT and/or Managed Service Provider staff, security engineers.
• Work with the audit firm to ensure the various controls meet requirements.
• Participate in sales calls, industry events and webinars, as an industry expert, supporting marketing and sales results.

Skills Required

• Comprehensive knowledge of cyber security and related security/compliance frameworks
• Detailed understanding of cyber security concepts and techniques, as demonstrated by certification in one or more of the following professional certifications:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk & Information Systems Controls (CRISC)
  • Certified Data Privacy Solution Engineer (CDPSE)
  • Certified Chief Information Security Officer (C|CISO)
  • Certified Cloud Security Knowledge (CCSK)
  • CompTIA Security+
  • ITILv3
• Security and Information Technology expertise suitable to make recommendations for implementation of technical and physical security controls, as well as execution of administrative controls.
• Proven project management experience
• Delivering client-focused solutions based on customer needs
• Proven ability to manage multiple projects at a time while paying strict attention to detail and deadlines
• Excellent verbal and written communications skills
• Strong working knowledge and a deep understanding of what is required to evidence the security controls for formal auditing/certifications

Education and Experience

• Bachelor’s degree required; preferably in technology or Business
• 10 or more years of relevant Information Technology and Security experience
• Proven experience implementing standards-based information security standards
• Business and technology consulting

Competencies

• Self-driven and autonomous
• Entrepreneurial
• Continual learner
• Ability to prioritize among competing tasks
• Critical thinking and problem-solving skills