• In this role, the IT Security Consultant will conduct or participate in IT security assessments of People, Process and Technologies with minimal guidance or oversight. The IT Security Consultant will evaluate controls, and gather/analyze information as necessary to evaluate the effectiveness and adequacy of the controls. The IT Security Consultant will also be responsible for the interpretation of the test results and the oral and written communication of the assessment findings to the client.
• The IT Security Consultant may be required to take a lead role in executing assessments and working closely with other teams during the assessment to deliver upon the project. Candidates must have proven experience executing projects and engaging business partners to enhance the control environment. A background in IT, Data Analytics, Security Operations, and Compliance is required.

• The IT Security Consultant is responsible for development and execution of technology-based assessments and general computer and application control reviews during complex business process reviews.

Required Experience:

• In-depth Understanding of IT Operations and Operating Environments
• Successfully leads the execution and delivery of technical audits across diverse industries.
• Independent thought leader with ability to manage the project from inception to delivery with minimal support from management.

Independently plans and executes pre and post technology/controls implementation assessments of:

• IT Systems Security Controls
• Application Security Controls
• IT Operations Security Controls
• Policy and Procedures
• Operating Environments Security Controls
• Other General Security controls.
• Demonstrate and apply a thorough understanding of complex information systems and network technologies.
• Designs and executes appropriate tests to verify the effectiveness of existing IT controls
• Knowledge of Security and Risk management Standards and frameworks, such as; ISO 27000, ISO 31000, COBIT, etc.
• Knowledge of IT Operations Standards and frameworks, such as; ISO 20000, ITIL, MOF, etc.
• Significant business knowledge, analytical skills and experience in identifying IT control risks.
• Exception written and oral communication skills.
• Ability to develop and present executive level report of identified issues and remediation strategies to reduce risk to residual levels.
• Reviews operations and programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
• Experience with vulnerability scanning and penetration testing tools.

Knowledge:

• Database technologies, such as; SQL, Oracle, etc.
• Various directory services, including; Active Directory, LDAP, NOVELL, Etc.,
• Messaging and Collaboration technology, such as; exchange, etc.
• Network infrastructure HP, DELL, IBM, CISCO, Juniper, Etc.
• IT and IS operations management tools, like; IBM Tivoli, HP Openview, Etc.
• Data Loss Prevention tools and technologies, like; Code Green, RSA, Websense, Symantec, McAfee, Cisco, etc.
• Identity and Access Management tools and technologies.

• BS/BA degree in Management Information Systems, Computer Science, or related technical field.
• 3- 5 years of IT security work experience
• CISSP or CISA security certification

• Masters Degree in the related field
• Demonstrated knowledge of networks technology, operating systems, midrange platforms, personal computers, system development, client/server architecture, and Microsoft software products preferred.

Experience in applying relevant technical knowledge in the following areas:

• IT operations or application reviews;
• Network operations or security audits;
• ISO Standards and Management Systems; and/or
• Regulatory compliance engagements.
• Network administration certifications (e.g. CCNA, CCNP etc)
• CISA, CISSP, CISM, CRISC, MCSE, or ISO 27001 strongly preferred.