GRC Security Consultant & Assessor Verizon
Ashburn, VA

Job Description

What you'll be doing...

Verizon is looking to expand the Governance, Risk and Compliance Security Consulting Practice. You will provide our clients with guidance pertaining to security and privacy regulatory and industry standard requirements, security risk assessments, and GRC consulting.

In this role, you'll be responsible for:

* Working with Federal (and potentially commercial) clients in the role of Independent Security Consultant and Assessor.
* Plan and perform security assessments by evaluating network and security technologies.
* Verify system, application or business security by performing security assessments, code reviews, configuration and network design reviews.
* Interview key stakeholders across the client organization to support security assessment.
* Support and guide information risk and security discussions with technical and non-technical groups.
* Analyze client security programs for maturity and performance relating to industry accepted best practices.
* Develop recommendations for remediating risk and compliance gaps.
* Evaluate information security risk in for business environment controls and industry requirements.
* Provide client guidance for information security best practices.
* Follow standard methodologies for evaluating industry security controls based on formulized security frameworks.
* Execute in high demanding, fast paced environments with tight deadlines.
* Draft deliverable documentation to meet client security needs.
* Create security roadmaps for client security program development and improvement.
* Support GRC Practice and firm initiatives.

What we're looking for...

What you'll need to have:

* A Bachelor's degree or four or more years of experience.
* Four or more years of relevant work experience.
* Four plus years of experience in security governance, risk assessments and regulatory/controls.
* Federal experience preferred.
* Experience and understanding of industry security tool including Splunk, RSA Archer, etc.
* Experience with the evolving security and privacy controls environment, regulatory landscape and risk management techniques, principles and practices.
* Experience assessing clients needsagainst a wide variety of security and compliance frameworks (NIST (800-53, 800-37, 800-171, CSF), FISMA, FedRAMP, HIPAA, etc).
* Experience with the development and implementation of information security policies, standards and related procedures for security programs.
* A security clearance (PT, S or TS).

Even the better if you have:

* A degree ininformation technology or related field preferred.
* Experience at a professional consulting services firm a plus.
* A solid understanding of IT security technologies, including network and application security, firewalls, access management, and data protection
* Strong written and verbal communication skills, including the ability to explain technical matters to a non-technical audience
* Ability to clearly document assessment results
* Ability to take a proactive approach in building, maintaining and expanding on client relationships
* Knowledge of cloud security process(es) and technologies
* Ability to work both independently and as part of a team
* General understanding of federal contracting environment
* Preferred certifications:
* Security+
* CISSP
* CSIRC
* CISA



22CyberRISK;22CyberVES