
Principal Consultant, Security Governance
Posted 1 day ago

This is a fully remote position, open to applicants in the United States.
• Oversee client engagements and project implementation by providing information security consultancy and assessment services, assisting our clients in fulfilling their compliance requirements by analyzing their business, technology, and operations against industry security benchmarks.
• Educate, mentor, and advise clients and colleagues, sharing your expertise to facilitate informed decisions on subjects such as Artificial Intelligence, organizational security strategies, and the scope of services, while also offering consultative guidance on intricate projects.
• Present clear and organized findings and recommendations to clients, while monitoring progress towards resolution and compliance.
• Consult and advise C-level Security Executives (CISO, CSO, CIO, etc.) and the Board of Directors for our most valued and strategic clients.
• Formulate strategic, operational, and tactical recommendations tailored to each client to enhance their security posture and compliance stance.
• Create comprehensive strategic security roadmaps that include short-term, mid-term, and long-term objectives, prioritizing remediation recommendations, and addressing all instances of non-compliance with relevant regulatory, statutory, contractual, and organizational obligations.
• Lead extensive security engagements in collaboration with other cybersecurity practices and Presidio teams.
• Develop security policies, standards, and procedures customized to each client’s unique culture, security objectives, and organizational goals, utilizing industry best practices and compliance requirements.
• Review, analyze, and evaluate key elements, including inherent risk, mitigating controls, business impact, likelihood, and other critical factors to assess organizational security risk.
• Ensure and evaluate client alignment to, and/or compliance with, relevant regulatory, federal, state, local, contractual, and organizational standards and best practices, such as ISO 27001, the NIST Cybersecurity Framework (CSF), PCI DSS, HIPAA, FERPA, NIST SP 800-171, CMMC, etc.
• Collaborate closely with organizations to develop security programs by establishing the foundation for a best-in-class security program architecture reference model using industry frameworks and standards such as ISO 27001, NIST SP 800-53, NIST CSF, etc.
• Work alongside other experienced Principal Security Consultants in a cooperative environment to support and assist in the execution and delivery of essential services such as Cloud Governance, Advisory Services, security program development, documentation review, and security consulting services.
• Conduct tabletop exercises after collaborating with client stakeholders to select the scenario, followed by the creation of an After-Action Report.
• Provide PCI Advisory Services, including PCI Gap Analysis, SAQs, ROCs, and AOCs.
• Offer CMMC Advisory Services, including CMMC Readiness Assessments.
• Assist leadership in cybersecurity administrative functions, such as maintaining documentation, creating documentation, peer review, and other internal cybersecurity activities.
• Bachelor’s Degree in Information Security, IT, Computer Science, or Engineering preferred, or equivalent work experience and/or military service.
• 5-8 years of prior consulting experience.
• 5-8 years of experience in conducting Information Security risk and compliance assessments.
• 5-8 years of experience in evaluating compliance with regulatory and key IT standards such as HIPAA, PCI DSS, NIST CSF, ISO 27001, and other similar standards/frameworks.
• Cloud experience with AWS, Azure, or Google Cloud Platform, or non-foundational certification for any of these cloud platforms, or one of the following cloud-agnostic certifications: Certified Cloud Security Professional (CCSP), Certificate of Cloud Security Knowledge (CCSK), GIAC Cloud Security Essentials (GCLD).
• Hold at least one of the following accredited, industry-recognized professional certifications from each list. List A: ISC2 Certified Information Systems Security Professional (CISSP); ISACA Certified Information Security Manager (CISM); Certified ISO 27001 Lead Implementer. List B: ISACA Certified Information Systems Auditor (CISA); GIAC Systems and Network Auditor (GSNA); Certified ISO 27001 Lead Auditor; IRCA ISMS Internal Auditor or higher (e.g., Auditor/Lead Auditor, Principal Auditor); IIA Certified Internal Auditor (CIA).
• Health insurance
• 401(k) matching
• Flexible work hours
• Paid time off
• Professional development opportunities