As a Senior Security Consultant, the individual will provide security guidance to internal IT project teams responsible for delivering business solutions. The Information Security Consultant will identify and prioritize security-related requirements, promote secure-by-default designs and ensure information systems and infrastructure are secured throughout the system development life cycle (SDLC).
The Information Security Consultant will also be expected to perform risk assessments of information systems and infrastructure, develop appropriate risk treatment and mitigation options, and effectively articulate findings and recommendations to IT project teams and management. The successful candidate must have a solid background in the security devices and controls used in the infrastructure development of information systems. The Information Security Specialist will be expected to work on multiple projects and tasks concurrently.
Knowledge and Skills Requirements:
• A minimum of 8-10 years of experience in an Information Security or Information Technology discipline
• One or more years of experience with mobile device security: iOS, Android, mobile applications, mobile forensics analysis, mobile application security analysis, mobile device attack and penetration testing, and secure application development (native, hybrid or HTML5).
• One or more years of experience with Enterprise Mobility Management (EMM): Mobile Device Management (MDM), Mobile Application Management (MAM), Mobile Enterprise Application Platform (MEAP), Mobile Application Development Platform (MADP), Enterprise App Store (EAS), HTML5, and BYOD.
• Working experience in performing security assessments of applications or mobile applications.
• Experience in supporting acquisition-related activities
• Experience defining security control requirements related to IT infrastructure and multi-tier information systems.
• Develop appropriate risk treatment and mitigation options to address security risks identified during security review or assessments
• Knowledge of common information security standards and risk methodologies, such as: ISO 27001/27002, NIST, PCI DSS, ITIL, COBIT
• Ability to document business and technical requirements, reports, MSB’s, and presentations.
• Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders
• Ability to team well with others to facilitate and enhance the understanding of and compliance with security policies
• Excellent interpersonal, communication, organizational, and project management skills
• Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
• Bachelor’s degree in Computer Science or a related discipline, or equivalent work experience
• Candidates are preferred to hold or be actively pursuing related security professional certifications such as CISSP, CISM or CISA