Security & Risk Management Consultant

Job Description

Salary: $120k-150k

We are looking for a talented security professional to join our consultancy team.

Are you passionate about information security? Do you enjoy securing high-value environments? Are you well versed in security risk assessments, and have great written and verbal communication skills? Is risk-driven decision-making your mantra? Are you a great communicator with pedagogical skills?

If you can answer: YES

to the above, then you probably want to: APPLY!

WithSecure Consulting has been present in the US for 7+ years and we have recently expanded our Security and Risk Management Team. Our security and risk management client base are rapidly growing, and we need to grow our team to meet the demand. This position will be a good match for those who have a deep technical understanding of enterprise environments in general and cloud technologies in particular. Your skills and experience will help you advise and implement security initiatives related to cloud technologies at several named clients.

The work as a security and risk management consultant is characterized by trust and we always strive for long-term client relationships and to be THE trusted information security advisor. Our vision is to provide the most qualified advisory professionals to our clients, adapted to suit their specific preconditions so that we can assist the client in improving their security posture and mitigate any risks.

Key Responsibilities

Typical client engagements are design reviews, ISMS implementations, engagements in various security projects, security audits, taking on the role as CISO or advisory on information security strategy. You will dedicate your effort to a select number of clients on long-term engagements. Your responsibilities will include:

• Delivering risk assessments
• Defining risk mitigation strategies,
• Engage with various stakeholders both within the business and IT Functions,
• Advising on how to align with expectations on risk appetite, security strategy, and budget senior stakeholders.
• Producing detailed, high-quality reports.

You will also be part of a great team working closely with extremely talented security consultants. We have a great atmosphere with a lot of fun, collaboration, and extensive learning and development opportunities.

Your key skills should be:

• Ability to perform design reviews and/or risk assessments of software and infrastructure.
• Ability to assess risk profiles based on design documentation and discussions with development teams
• Strong written & verbal communication skills
• Experience leading discussions about security risks and practices
• Ability to design and execute security strategies within frameworks such as ISO 27001, SOC 2, and PCI DSS
• Leadership in building successful security services and large-scale security engagements

What are we looking for?

We are looking for individuals that exhibit ambition, a strong work ethic, and a willingness to learn. Being a consultant at WithSecure means maintaining an indefinite, steep learning curve. You will be supported throughout your career here, but also expected to use that support to grow continuously as a leader and trusted advisor.

We appreciate and expect professional pride and integrity. Being able to develop and maintain good and long-term working relations with clients and colleagues alike will be crucial to your success.

The ideal candidate will have at least 5 years of security experience with a range of security certifications. Your current position is probably an information security consultant, security manager, security architect, or similar. Most importantly, you have a track record of successful security and/or risk management experience.

Key Requirements

• 5+ years experience in security consulting or internal security management
• Security risk management certifications such as CISSP, PCI QSA, and CISM are preferred. Offensive security certifications such as OSCP, OSCE, and OSEP will be a bonus.
• Extensive experience designing and performing risk assessments on enterprise security systems
• Experience working with security frameworks such as ISO 27001, SOC 2, and PCI DSS
• Experience with SDLC and/or SSDF is a plus
• SOC, incident response, or penetration testing experience a plus

Bonus points

Recognized certifications within risk-, security- and privacy management, IT management and project management is a plus, but not a requirement.