Sr. Risk Management Consultant

Company:  Dice
Location: Washington
Closing Date: 09/11/2024
Salary: £150 - £200 Per Annum
Hours: Full Time
Type: Permanent
Job Requirements / Description

Dice is the leading career destination for tech experts at every stage of their careers. Our client, Net2Source Inc., is seeking the following. Apply via Dice today!

Net2Source Inc. is an award-winning total workforce solutions company recognized by Staffing Industry Analysts for our accelerated growth of 300% in the last 3 years, with 5500+ employees globally, 30+ locations in the US and global operations in 32 countries. We believe in providing staffing solutions to address the current talent gap - Right Talent - Right Time - Right Place - Right Price and acting as a Career Coach to our consultants.

Please Find Below The Job Description.

Position: Sr. Risk Management Consultant

Location: Washington, DC (100% REMOTE)

Travel: Week 1 and Quarterly Onsite

Type: Long Term Contract

Top 3 Skills Required for This Role:

  • Assurance guidelines and risk factors; risk is controlled and managed across projects.
  • Risk assessment: security policy being met, any risk being highlighted, managed and documented in ISG tool GRC (ServiceNow, Archer)
  • Represent ISG to follow Risk Constitution

Job Description/ Responsibilities

Specific responsibilities include:

  • Senior individual contributor for information security risk management projects. Sample projects/programs could include but are not limited to:
  • Control design and assessment for high-demand technical areas such as ERP, IT Service Management, Identity and Access Management, IT Resiliency, Cloud, etc.
  • Compliance framework mapping and implementation
  • Risk remediation management
  • Information Security risk reporting and monitoring
  • Creation of roadmaps to mature or advance Information Security Strategies/Programs/Controls
  • Design and enablement of cyber controls functions and processes
  • Direct experience as a power user of Cybersecurity GRC solutions, tools, and technologies, specifically ServiceNow and Archer
  • Projects or roles requiring coordination across lines of defense working with technical, business, compliance, risk, and audit teams to deliver solutions.
  • Delivery of information security risk assessments for large-scale IT implementation projects including consulting with security architecture function for threat modeling, appropriate tiering of N tier products/platforms, design of infrastructure security controls to protect system components.
  • Practical use of risk management concepts and principles - including assessment, prioritization, delivery of treatment plans, tracking and reporting. Experience with NIST SP 800-30, ISO 27001/2, ISO 27005, COBIT.
  • Consult and review the implementation of authentication, authorization (fine grained and coarse grained), and cryptography (PKI, SSL, Kerberos, crypto algorithms) mechanisms within applications.
  • Consult with security assurance function on the delivery of technical security standards, configuration baselines and related procedures for the hardening of both cloud and non-cloud application and infrastructure components, tools, and techniques to ensure the security of application and infrastructure components such as Linux/Windows servers, Web servers (IIS, Apache, Tomcat), app servers, Databases (Oracle and MS SQL), endpoints (Mac, Windows, Apple iOS, etc.), and Web Application Firewalls.
  • Collaborate with other security functions e.g. security architecture, security assurance, offensive security team (red/purple team), application security penetration testing team, to review and apply appropriate risk levels to the output of the assessments performed by the functions.
  • Maintain impartiality around IT systems to produce unbiased reports on information security risk.
  • Works closely with IT project teams to develop implementation plans for new security-related products and services.
  • Conducts quality assurance reviews of security requirements for the implementation of identified solutions.
  • Define/enhance process and procedures for using external security service providers including scoping, management of services, remediation tracking, and exception management.
  • Effectively communicates requirements and trains staff and managers in IT divisions to identify and manage risks throughout the project lifecycle.
  • Where applicable, manages the engagement process of external risk assessment providers and acts as a liaison with internal IT project teams and business units.
  • As an advocate of information security, works closely and proactively with IT project team leaders, service providers, and business units to provide security-related technical solutions. Identifies opportunities to improve business practices or IT security-related processes.
  • Other ad hoc responsibilities may include:
  • Analyzes, recommends, and implements process improvements within the context of information security.
  • Support governance activities for Identity and Access Management, where requested.

Experience Must Include:

  • Prior work in a technical cybersecurity risk management function at organizations with security related regulatory requirements.
  • Practical use of risk management concepts and principles - including assessment, prioritization, delivery of treatment plans, tracking and reporting, and metrics (accreditation and certification). Experience with NIST SP 800-30, ISO 27001/2, ISO 27005, COBIT.
  • Embedding security into processes such as SDLC, Project Lifecycle, ITIL, etc.
  • Demonstrated cybersecurity expertise with infrastructure, applications, and database system technologies.
  • Basic IT consultancy skills. Ability to consult and deliver on the security hardening of application and infrastructure components, including tools, and techniques to ensure the security of application, database, and infrastructure components.
  • Pragmatic security expert with an inherent ability to balance security demands with business reality. Ability to quickly grasp how new technologies work and how security controls should be applied to achieve business goals.
  • Knowledge of security solutions, latest threats, and countermeasures.

Required Soft Skills:

  • Familiarity with a broad range of security technologies supplemented by in-depth knowledge in specific areas of relevance.
  • Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.
  • Analytical skills that enable synthesis of inputs from many sources and allow for strategic thinking and tactical implementation.
  • Excellent relationship management skills
  • Ability to think laterally and to have input to / propose detailed, complex solutions to technical issues.
  • Ability to work well under pressure and to meet tight deadlines. Demonstrates a high level of motivation, confidence, integrity, and responsibility.
  • Ability to be organized, responsive and to be able to effectively multi-task with a focus on driving results.
  • Demonstrate excellent interpersonal and relationship management skills. This includes the ability to work independently, effectively in a team/task force as a team member or leader, and with senior staff and managers.

Education:

  • Bachelor's degree in information security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 12 years of relevant experience in regulated industries working as an information risk manager or IT security architect; OR
  • Advanced degree in Information Security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 6 years of relevant experience in regulated industries working as an information risk manager or IT security architect.

Certifications:

  • CISSP or CISM (minimum required)
  • CCSP (preferred)
  • Microsoft Certified: Cybersecurity Architect Expert (preferred)
  • Other Microsoft cloud security related certifications at the Expert level (preferred)
  • GIAC certifications (preferred)
  • Offensive security related certifications (preferred)

If you are interested, please forward your resume to , You can also reach me at (+1-).

Why Work with Us:

At Net2Source, we believe everyone has an opportunity to lead. We see the importance of your perspective and your ability to create value. We want you to fit in with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out with opportunities to have a strategic impact, innovate, and take necessary steps to make your mark. We help clients with new skilling, talent strategy, leadership development, employee experience, transformational change management and beyond.

Equal Employment Opportunity Statement:

Net2Source is an Equal Opportunity Employer. We believe that no one should be discriminated against because of their differences, such as age, disability, ethnicity, gender, gender identity and expression, religion or sexual orientation. Our rich diversity makes us more innovative, more competitive, and more creative, which helps us better serve our clients and our communities. All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.

Awards and Accolades:

  • America's Most Honored Businesses (Top 10%)
  • Awarded by USPAAC for Fastest Growing Business in the US
  • 12th Fastest Growing Staffing Company in USA by Staffing Industry Analysts in the US (2020, 2019, 2020)
  • Fastest 50 by NJ Biz (2020, 2019, 2020)
  • INC 5000 Fastest growing for 8 consecutive years in a row (only 1.26% companies make it to this list)
  • Top 100 by Dallas Business Journal (2020 and 2019)
  • Proven Supplier of the Year by Workforce Logiq (2020 and 2019)
  • 2019 Spirit of Alliance Award by Agile1
  • 2018 Best of the Best Platinum Award by Agile1
  • 2018 TechServe Alliance Excellence Awards Winner
  • 2017 Best of the Best Gold Award by Agile1(Act1 Group)

Regards,

Amir Ahmad
Account Manager
Net2Source Inc.
Global HQ Address - 270 Davidson Ave, Suite 704, Somerset, NJ 08873, USA
Office: x 428 (EXT )|Cell: +1- |Fax: | Email: