Senior Risk Advisory Consultant
Echelon Risk + Cyber
- Pittsburgh, PA
- Contract
- Full-time
- Assist in the planning, scoping, execution and reporting of cybersecurity risk and maturity assessments against frameworks such as NIST CSF, CIS, and CMMC
- Collaborate with IT management and client leadership to develop roadmaps to enhance client maturity
- Develop and maintain Cybersecurity policies and procedures
- Review and assess security and technology controls against cybersecurity best practice and compliance frameworks
- Collaborate with clients to develop Incident Response Plans, Incident Response Playbooks, and Tabletop Exercises tailored to each client's environment and needs
- Document results, create client reports and communicate results to client management and other stakeholders
- Work collaboratively with our clients and other team members to identify information security risks and challenges and provide actionable recommendations and solutions
- Demonstrate consistency, versatility and adaptability while managing simultaneous client engagements and priorities and delivering quality results in a timely fashion
- Work with the internal team to develop and plan engagement strategies, define objectives, identify and provide recommendations to address client risks
- Create client-facing presentations, reports, and analytics
- Develop long-term roadmaps to assist clients in reaching their desired maturity level
- Perform business impact analyses and develop Business Continuity Plans and Disaster Recovery Plans
- Assist leadership in the creation of proposals, budgets, work plans and other business development efforts
- Establish exceptional internal and client relationships using strong communication skills
- Produce thought leadership for the organization's website blog on a regular basis
- Actively engage in the cybersecurity community by attending or speaking at local or national conferences
- 4+ years of related experience in the cybersecurity industry
- Focus on Governance, Risk and Compliance planning, development and management
- Knowledge of GRC Platforms/Tools to assist with Assessments and Compliance Management
- Risk management experience, including performing assessments and audits, designing information security controls and processes, and evaluating and prioritizing risk
- Experience with a variety of information security frameworks and best practices (e.g., CIS, NIST, PCI, CMMC, ISO, GLBA, FFIEC, SOX, SOC, HIPAA, HITRUST, etc.)
- Experience with incident response, business continuity, and disaster recovery planning is preferred
- Project Management experience preferred
- Certifications recommended: CISSP, CISA, CISM, or similar certification
- Ability to manage and prioritize multiple projects simultaneously and adapt in a demanding and changing environment
- Although this is not a technically oriented role, knowledge of Cloud systems, applications, security services/tools (e.g., EDR, MDR, SIEM, Vulnerability Scanning, Email Security, Backup/DR, MDM), Firewalls, Basic Networking, Data Security, IAM/SSO, etc., will be beneficial in an advisory capacity
- Displays intellectual curiosity by seeking opportunities to develop and demonstrating a willingness to learn
- Strong attention to detail and superior analytical, technical, and problem-solving skills
- Excellent verbal and written communication skills with experience crafting professional messages and adjusting communication style based on audience
- Preferred experience working with financial services, healthcare, or regulated industries
- Authorized to work in the United States