Full-time
Description
Position Summary :
The Senior Information Security Consultant is responsible for providing cybersecurity and risk assessment services, subject matter expert support and solutions for Heartland Business Systems’ (HBS) customers. Deliverable areas could include, but are not limited to, Risk & Security Assessments, Remediation and Mitigation Recommendations, Strategic Roadmaps, Privacy and Security Policy, Procedure and Program development, Awareness and Education, and SME support. Senior Information Security Consultants at Heartland provide strategic guidance to our clients and serve as the virtual Chief Information Security Officer for multiple organizations. This position is also responsible for collaborating with sales and marketing to ensure proposed deals include technical solutions that accurately address client needs.
Roles and Responsibilities / Essential Functions :
- Work as a member of the cybersecurity team providing consultative and proactive risk & security related support to HBS’ account base.
- Assist clients with identifying gaps within existing risk & security programs and designing solutions to address those challenges.
- Support clients with the identification, development, and implementation of technological and organizational controls to support risk and security programs.
- Deliver leadership services in support of security remediation or mitigation.
- Responsible for overall project management of many large projects and may work directly with other engineering resources in addition to the client.
- Lead work in all phases of the engagement, including project planning, developing project plans, leading teams in completing tasks, client status reporting, and presenting project results to the client.
- During the entire sales process, provide sales consultants and other HBS staff with assistance, review, validation, and optimization of privacy and security solutions.
- Maintain a high level of knowledge related to privacy and security regulations (e.g., HIPAA, CMMC, PCI, GDPR) and standards and best practices (NIST 800, ISO 2700X, CIS, etc.), OCR enforcement trends, HHS / OCR guidelines, and state-specific consumer-protection rules.
- Prepare articles, whitepapers, and blogs, and speak at industry conferences to create awareness of our brand / services as they relate to privacy, security, and risk management.
- Conduct a variety of risk assessments and provide guidance on improving processes, creating policies & procedures, and working with other HBS teams when necessary, on solution sets.
- Present educational and information sessions with clients and other staff, as appropriate.
- Develop information security programs and provide strategic guidance to clients while serving as vCISO.
- Build and further develop client relationships.
- Work in a team atmosphere as both a leader and contributor as assigned, maintaining a professional and respectful demeanor at all times.
- Provide input on the improvement of customer facing documentation such as proposals, statements of work, status reports, reports, marketing materials, etc.
- Provide input on the improvement of risk and cybersecurity products and services offered to clients.
- Work to attain and maintain relevant cybersecurity and risk certifications.
- Minimum of 1350 hours, or equivalent vCISO work, billed per fiscal year prorated based on start date. These charge hour requirements will be balanced against professional development and on the job training.
Requirements
Competencies
- Accountability - Accountability looks at the extent to which an individual is willing to accept responsibility.
- Active Listening - Active listening looks at the extent to which an individual actively attends to, conveys, and understands the comments and questions of others.
- Adaptability - Adaptability looks at the extent to which an individual can fit into a changing working environment.
- Communication - Communication skills look at the extent to which an individual communicates with economy and clarity, actively engaging in conversations in order to clearly understand others' message and intent, and receives and processes feedback.
- Customer Oriented - Customer orientation implies a desire to serve both external and internal clients by focusing effort on meeting the client’s needs, understanding their concerns, and seeking to build trust.
- Decision Making - Decision making skills look at the ability of the individual to select an effective course of action while controlling resources and expenditures.
- Initiative - Initiative looks at the ability of the individual to act and take steps to solve or settle an issue.
- Problem Solving - Problem solving skills look at the ability of the individual to recognize courses of action which can be taken to handle problems or potential problems, and to apply contingency plans to solve those problems.
- Project Management - Project management skills look at the ability of the individual to demonstrate an understanding of planning, organizing, staffing, directing, and controlling work tasks.
- Working Under Pressure - Working under pressure looks at the ability of the individual to maintain composure when exposed to stress.
Required Experience :
- 5+ years of related experience
- 5+ years implementing Cybersecurity Programs
- 3+ years implementing Compliance and Governance Programs
Preferred Experience :
- 7+ years of IT Systems implementation or management experience
- 5+ years implementing compliance programs
- 5+ years in leadership role
Required Skills, Education and / or Certifications :
- CISSP or other current industry standard certifications in areas of security expertise
- Significant experience as a security consultant, analyst, engineer, system administrator, IT lead, or similar role focused on information security responsibilities
- Proven experience recommending and delivering cybersecurity, compliance, and risk management services
- Ability to identify and evaluate risk to IT systems and associated business processes and communicate risks to management
- Demonstrated experience with regulatory / compliance requirements (e.g., PCI, HIPAA / HITRUST, SOX, FISMA), information security frameworks and controls (e.g., NIST, ISO, CIS)
- Demonstrated experience reviewing and recommending appropriate technical, administrative, and physical controls
- Demonstrated experience selecting and implementing appropriate risk mitigation strategies to ensure IT systems remain within established risk tolerance levels
- Ability to develop policies, standards, and baseline configurations
- Strong attention to detail and ability to document findings and convey information
- Ability to manage project deliverables and deadlines
- Ability to provide superior customer service via phone and email
- Excellent professional verbal and written communication skills
- Strong listening and presentation skills
- Ability to clearly communicate with co-workers, management, clients, and vendors
- Maintain a professional appearance and vocabulary
- Ability to multi-task, prioritize, and manage time effectively
Preferred Skills, Education and / or Certifications :
- Healthcare compliance, privacy, or security certification
- Certified Information Systems Security Professional (CISSP) or equivalent
- Certified Information Systems Auditor (CISA) or equivalent (CISM)
- Certified in Risk and Information Systems Control (CRISC) or equivalent
Equal Opportunity Employer - Including Disabled and Veterans