Remotery

Principal Consultant, Security Governance

Posted 1 day ago

This is a fully remote position, open to applicants in the United States.

📋 Description

• Oversee client engagements and manage project execution, delivering information security consultation and assessment services that help clients meet their compliance requirements by evaluating their business, technology, and operations against industry security benchmarks.

• Provide education, mentorship, and expert advice to clients and colleagues, facilitating informed decisions on themes such as Artificial Intelligence, organizational security strategy, and service scope while offering consultative guidance on intricate projects.

• Present clear and organized findings along with recommendations to clients, while monitoring progress towards resolution and compliance.

• Consult and advise C-level Security Leaders (CISO, CSO, CIO, etc.) and Board members for our most valued and strategic clients.

• Formulate strategic, operational, and tactical recommendations customized for each client, aimed at enhancing their security posture and compliance standing.

• Develop comprehensive strategic security roadmaps featuring short-term, mid-term, and long-term goals that prioritize remediation suggestions and address all forms of non-compliance with relevant regulatory, statutory, contractual, and organizational obligations.

• Lead significant security engagements in collaboration with other cybersecurity practices and Presidio teams.

• Create security policies, standards, and procedures that are specifically tailored to each client's distinct culture, security objectives, and organizational goals, employing industry best practices and compliance standards.

• Evaluate, analyze, and assess crucial factors such as inherent risk, mitigating controls, business impact, likelihood, and other significant elements to gauge organizational security risk.

• Ensure and evaluate client alignment and/or compliance with applicable regulatory, federal, state, local, contractual, and organizational requirements, and with best-practice standards such as ISO 27001, the NIST Cybersecurity Framework (CSF), PCI DSS, HIPAA, FERPA, NIST SP 800-171, CMMC, etc.

• Collaborate closely with organizations to develop security programs by laying the groundwork for a top-tier security program architecture reference model utilizing industry frameworks and standards such as ISO 27001, NIST 800-53, NIST CSF, etc.

• Work alongside other experienced Principal Security Consultants in a cooperative environment to support and assist in the execution and delivery of key services including Cloud Governance, Advisory Services, security program development, documentation review, and security consulting services.

• Run tabletop exercises with client stakeholders, selecting the scenario jointly and producing an After-Action Report afterwards.

• Provide PCI Advisory Services, including PCI Gap Analysis, SAQs, ROCs, and AOCs.

• Deliver CMMC Advisory Services, encompassing CMMC Readiness Assessments.

• Support leadership with cybersecurity administrative functions such as documentation maintenance, creation, peer review, and other internal cybersecurity tasks.


⛳️ Requirements

• Bachelor's Degree in Information Security, IT, Computer Science, or Engineering is preferred, or equivalent work experience and/or military experience.

• 5-8 years of prior consulting experience.

• 5-8 years of experience performing Information Security risk and compliance assessments.

• 5-8 years of experience assessing compliance with regulatory and key IT standards such as HIPAA, PCI DSS, NIST CSF, ISO 27001, and other comparable standards/frameworks.

• Cloud experience with AWS, Azure, or Google Cloud Platform, or a non-foundational certification for any of these cloud platforms, or one of the following cloud-agnostic certifications: Certified Cloud Security Professional (CCSP), Certificate of Cloud Security Knowledge (CCSK), GIAC Cloud Security Essentials (GCLD).

• Hold at least one accredited, industry-recognized professional certification from each of the following lists:
  • List A: ISC2 Certified Information Systems Security Professional (CISSP), ISACA Certified Information Security Manager (CISM), Certified ISO 27001 Lead Implementer.
  • List B: ISACA Certified Information Systems Auditor (CISA), GIAC Systems and Network Auditor (GSNA), Certified ISO 27001 Lead Auditor, IRCA ISMS Internal Auditor or higher (e.g., Auditor/Lead Auditor, Principal Auditor), IIA Certified Internal Auditor (CIA).

