You will report to the Chief Executive Officer and be a part of the company’s Governance, Risk, and Compliance (GRC) Team consulting practice, working both independently and as part of a team.
Partner with clients to develop a trusted relationship
Demonstrate and apply a thorough understanding of complex information systems
Quickly gain a working knowledge of client’s IT/Security environments through conversations and observations
Lead and participate on project implementation teams for company engagements
Participate in assessments of client environments against industry standard frameworks to identify client’s current state of program maturity and identify applicable risks
Work with project team to identify and document client’s desired maturity state and risk-balanced state and develop a gap assessment and roadmap to guide the process of maturing towards their desired state
Work with project team and client to document client’s security program through the development of appropriate policies, standards, and processes
Advise others of information security concepts using presentations, reports, examples, and visualizations
Create, develop, and mature the company's catalog of GRC services and contribute to the improvement of all services
Contribute to the development of best practice frameworks suitable for use during assessments and improvement planning, and integration with assessment toolsets
Contribute to the security community, primarily focused on the areas where the company operates
Continually research and learn new technologies and techniques through a mix of self-guided and formal training
Cultivate new and existing client relationships to develop business opportunities
Proven experience in Information Security with a focus on protecting companies through building a security program, security governance documentation, and engineering systems to be robust and resistant to attack
Ability to write clear and concise information security policies, standards, and processes
Familiarity with common security frameworks and regulations such as SOX, HIPAA/HITECH, PCI-DSS, GDPR, NIST 800 series, ITIL, ISO 27001/2, COBIT, and SOC 2
Clear understanding of emerging information security trends, including changes in security frameworks and regulatory requirements
Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed
Familiarity with risk assessment techniques and risk management program documentation
Ability to conduct an information security risk assessment
Ability to conduct an information security maturity assessment
Strong project management skills, problem solving/critical thinking skills, and verbal and written communication skills
CISSP or equivalent training and certification
Prior consulting experience, especially with a focus on partnering with companies to improve the robustness of their security program or establish a robust security program from scratch
Ability to describe and communicate complex technical security concepts to technical and non-technical audiences
Strong written and verbal communication skills, including the ability to present at information security events and conferences, and to curate content such as writing blog posts and written reports
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
OpenArc is a technology consulting firm providing industry-leading technical talent placement, software development, and technology strategy services to clients nationwide. Through a unique blending of people and software, OpenArc has a business practice that delivers amazing enterprise, mobile and consumer-facing apps and the best talent for contract, contract-to-hire and direct placements for clients and partners alike.
Staffed with the most-trusted recruiting experts, elite software developers, UI/UX designers and market experts, our team provides clients with the best resources, the right techniques and world-class support resulting in powerful measurable success.