TAS-AGT - Principal Consultant - Information Security & Risk Management

Job Description :

This position is a senior leadership role in IT Risk Services with the primary responsibility to drive the development, growth and service delivery execution of the security advisory business in targeted industry verticals. The Security Principal should possess vertical-specific insight on security trends, industry best practices and operational processes, as well as knowledge of enabling technologies and architectures. The successful candidate must have experience with the recent security threats, cloud and mobility trends, and governance/risk/compliance.

He/she should have or be able to develop a working knowledge of Security architectures, products and solutions capable of delivering a value proposition to the clients. Given his/her industry knowledge and end user contacts, this consultant will be expected to identify and open doors with key prospects then provide opportunity assessment, engagement creation and work closely with sales teams and other stakeholders, as well as with key delivery partners, where required.

Responsibilities :

- Provide strategic information security advisory and consulting services for enterprise clients.

- Responsible for understanding the client's business and delivering high impact consulting engagements.

- Responsible for building relationships and trusted advisor status with top executives at the client.

- Scope security engagements and support development of proposals and statements of work, effectively translating customer requirements into an engagement to meet those needs.

- Translate business, industry, and regulatory requirements into information security objectives and associated tactical/strategic information security initiatives.

- Identify sales opportunities during and after engagement; work with sales personnel to close business.

- Participate in the development of IT Risk service portfolio and methodologies

- Demonstrate the ability to multi-task, including completing client engagements and thought leadership activities.

Average travel approximately 40%, with potential up to 50% per year.

Required Skills and Experience :

- 15+ years of professional experience. Min, 10 years of relevant experience in Information Security and Risk Management

- 5+ years' experience providing advisory consulting services to Fortune 100/500 clients with strong technical and business operations expertise in the areas of cyber security, threat awareness, threat detection, security architecture frameworks, governance and compliance policies

- 2+ years of demonstrated experience in pursuing and closing large strategic consulting services engagements into Fortune 100 accounts

- Experience with Security Strategy design and related processes, Information security governance, Application and Network security including vulnerability and threat management, IT Risk Assessment frameworks covering Regulatory and other compliance obligations.

- Experience developing and implementing security policies and/or standards

- Has successfully worked with C-Level executives, chief compliance, risk and privacy officers; proven abilities to maintain relationships with key executives, companies, and a network of professional organizations or affiliations within the Security technology industry;

- Utilizing creative problem-solving abilities and a consistent consultancy mind set while working on, as well researching problems and/or issues and developing and/or offering effective solutions for, clients' initiatives and needs related to technology-related services

- Proven track record of success in managing technical and analytical teams in a professional services environment.

- Serving as a leader, including the following: supervising teams to create an atmosphere of trust; seeking diverse views to encourage improvement and innovation

Additional Experience :

Practical experience with one or more of the following :

Regulatory :

- Sarbanes-Oxley (SOX)

- Health Insurance Portability and Accountability Act (HIPAA)

- Gramm Leach Bliley Act (GLBA)

- North American Electric Reliability Council (NERC)

- Federal Financial Institutions Examination Council (FFIEC)

Industry Standards :

- International Standards Organization (ISO) 27001/27002/27005

- Payment Card Industry Data Security Standard (PCI DSS)

- ISACA Control Objectives for Information and related Technology (COBIT)

Education/Certifications :

Education : Bachelor's or master's degree in business, computer science or related field

Industry Certifications (any one of the following) : CISSP / CISM / CISA / SANS GIAC / C|EH