Sr. Cybersecurity Consultant (CISO Advisory)
United States / Client Service
We are seeking a (Remote) Senior Consultant, Cybersecurity to support our growing practice that provides CISO advisory services to small-to-medium-sized companies in need of a virtual CISO. The Senior Consultant is responsible for planning and executing various engagements, including gap/readiness assessments, policy and procedure documentation, vendor risk management, risk assessments, and external audit assistance. As such, the Senior Consultant is charged with assisting in various facets of the core business including, but not limited to, documentation assistance, project management, participation in sales meetings, proposal writing, and other consulting engagements.
Strong Candidates will Check Most of These Boxes:
- Three (3+) years of relevant experience in information security consulting, preferably from a large national consulting or CPA firm
- Experience performing gap assessments against regulatory and industry frameworks, including the ability to facilitate working sessions with clients to identify, analyze, risk rank and prioritize gaps and associated remediation recommendations.
- Experience documenting and implementing information security policies and supporting procedures.
- Working knowledge of concepts related to incident management, security awareness training, business continuity/disaster recovery, vulnerability management, and compliance activities.
- Experience responding to vendor due diligence or third-party risk management in general.
- Strong project management skills, including client interactions, milestone management, setting and hitting deliverables, and follow-through.
- Working knowledge of regulatory or industry frameworks related to information security (including SOC, ISO 27001, HIPAA Security Rule, NIST CSF, HITRUST, CSA STAR, NYDFS, CIS Top 20)
- Experience leading or participating in information security audits, specifically SOC and ISO 27001 audits.
- Working knowledge of technologies across the following areas preferred:
  - IaaS/PaaS: AWS, GCP, Azure, Heroku, Digital Ocean
  - Infrastructure systems: Windows OS, Linux (e.g., Ubuntu, Debian, Amazon Linux), SQL Server, PostgreSQL, MySQL, Terraform, Kubernetes, Docker
  - Change management tools: GitHub, BitBucket, GitLab, Jenkins, CircleCI, Maven, etc.
  - Vulnerability management tools: Qualys, BurpSuite, Tenable
  - Endpoint protection: Jamf, Kaseya, Carbon Black
  - Security monitoring: Threat Stack, AlertLogic, AWS Inspector, AWS Systems Manager, Google Security Command Center, Azure Security Center
  - Incident alerting: PagerDuty, Ops Genie, Victor Ops
- Familiarity with tools, such as GSuite, JIRA, Confluence, Slack, Trello, Notion, Guru
- Excellent interpersonal, written and verbal communication skills
- Exemplary time-management skills with the ability to juggle multiple projects and priorities
- Must be a team player, passionate about the BARR mission and have an innovative mindset
- One or more of the following certifications is preferred:
  - Certified Information Systems Auditor (CISA)
  - Certified Information Systems Security Professional (CISSP)
  - Certified Information Security Manager (CISM)
  - Security+
- Preferred, but not required: bachelor’s degree from an accredited university in information systems, cyber security, information technology, or a related field. If experience and applicable certifications are achieved, degree not required.
- Travel to client locations and for company events (0-25%)
- Work from home office, from anywhere in the US
- Monthly reimbursement for home / office / equipment
- Competitive pay, paid holidays, unlimited PTO (we encourage our associates to take at least 5 weeks off/year)
- Generous benefits + 401k plan with employer matching
- Stock Appreciation Rights
- Continuing Ed support and reimbursement for industry certifications (CISA, CPA, ISO Assessor, PCI QSA, etc.)
- Amex Platinum + Perks
- Fun, collaborative, and inclusive team environment!
BARR Advisory is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, gender identity, sexual orientation, national origin, disability status, protected veteran status, or any other characteristic protected by law.
We are proud to be an inclusive workplace and are committed to hiring and developing diverse talent, which includes making reasonable accommodations to enable individuals with disabilities to perform the essential functions.
Unfortunately, at this time, we cannot consider candidates that require sponsorship to work in the US, now or in the future. We are also not in a position to consider candidates that currently reside outside of the United States.