Senior Information Security Consultant

Job Type
Full-time
Description
Position Summary:
The Senior Information Security Consultant is responsible for providing cybersecurity and risk assessment services, subject matter expert support and solutions for Heartland Business Systems' (HBS) customers. Deliverable areas could include, but are not limited to, Risk & Security Assessments, Remediation and Mitigation Recommendations, Strategic Roadmaps, Privacy and Security Policy, Procedure and Program development, Awareness and Education, and SME support. Senior Information Security Consultants at Heartland provide strategic guidance to our clients and serve as the virtual Chief Information Security Officer for multiple organizations. This position is also responsible for collaborating with sales and marketing to ensure proposed deals include technical solutions that accurately address client needs.
Roles and Responsibilities/ Essential Functions:

• Work as a member of the cybersecurity team providing consultative and proactive risk & security related support to HBS' account base.
• Assist clients with identifying gaps within existing risk & security programs and designing solutions to address those challenges.
• Support clients with the identification, development, and implementation of technological and organizational controls to support risk and security programs.
• Deliver leadership services in support of security remediation or mitigation.
• Responsible for overall project management of many large projects and may work directly with other engineering resources in addition to the client.
• Lead work in all phases of the engagement, including project planning, developing project plans, leading teams in completing tasks, client status reporting, and presenting project results to the client.
• During the entire sales process, provide sales consultants and other HBS staff with assistance, review, validation, and optimization of privacy and security solutions.
• Maintain a high level of knowledge related to privacy and security regulations (i.e. HIPAA, CMMC, PCI, GDPR, etc.) and standards best practices (NIST 800, ISO 2700X, CIS, etc.), OCR enforcement trends, HHS/OCR guidelines, and state-specific consumer-protection rules.
• Prepare articles, whitepapers, blogs and speak at industry conferences to create awareness of our brand/services as it relates to privacy, security, and risk management.
• Conduct a variety of risk assessments and provide guidance on improving processes, creating policies & procedures, and working with other HBS teams when necessary, on solution sets.
• Present educational and information sessions with clients and other staff, as appropriate.
• Develop Information Security programs and provide strategic guidance to clients while serving as vCISO.
• Build and further develop client relationships.
• Work in a team atmosphere as both a leader and contributor as assigned. At all times maintaining a professional and respectful demeanor.
• Provide input on the improvement of customer facing documentation such as proposals, statements of work, status reports, reports, marketing materials, etc.
• Provide input on the improvement of risk and cybersecurity products and services offered to clients.
• Work to attain and maintain relevant cybersecurity and risk certifications.
• Minimum of 1350 hours, or equivalent vCISO work, billed per fiscal year prorated based on start date. These charge hour requirements will be balanced against professional development and on the job training.

Requirements
Competencies

• Accountability - Accountability looks at the extent to which an individual is willing to accept responsibility.
• Active Listening - Active listening looks at the extent to which an individual actively attends to, conveys, and understands the comments and questions of others.
• Adaptability - Adaptability looks at the extent to which an individual can fit into a changing working environment.
• Communication - Communication skills look at the extent to which an individual communicates with economy and clarity, actively engaging in conversations in order to clearly understand others' message and intent, and receives and processes feedback.
• Customer Oriented - Customer orientation implies a desire to serve both external and internal clients by focusing effort on meeting the client's needs, understanding their concerns, and seeking to build trust.
• Decision Making - Decision making skills look at the ability of the individual to select an effective course of action while controlling resources and expenditures.
• Initiative: Initiative looks at the ability of the individual to act and take steps to solve or settle an issue.
• Problem Solving - Problem solving skills looks at the ability of the individual to recognize courses of action which can be taken to handle problems or potential problems, and applying contingency plans to solve those problems.
• Project Management: Project management skills looks at the ability of the individual to demonstrate an understanding of planning, organizing, staffing, directing, and controlling work tasks.
• Working Under Pressure - Working under pressure looks at the ability of the individual to maintain composure when exposed to stress.

Required Experience:

• 5+ years of related experience
• 5+ years implementing Cybersecurity Programs
• 3+ years implementing Compliance and Governance Programs

Preferred Experience:

• 7+ years of IT Systems implementation or management experience
• 5+ years implementing compliance programs
• 5+ years in leadership role

Required Skills, Education and/ or Certifications:

• CISSP or other current industry standard certifications in areas of security expertise
• Significant experience as a Security Consultant, analyst, engineer, system administrator, IT lead, or similar role focused on Information Security responsibilities
• Proven experience recommending and delivering cybersecurity, compliance, and risk management services
• Ability to identify and evaluate risk to IT systems and associated business processes and communicate risks to management
• Demonstrated experience with regulatory/compliance requirements (e.g., PCI, HIPAA/HITRUST, SOX, FISMA), Information Security frameworks and controls (e.g., NIST, ISO, CIS)
• Demonstrated experience reviewing and recommending appropriate technical, administrative, and physical controls
• Demonstrated experience selecting and implementing appropriate risk mitigation strategies to ensure IT systems remain within established risk tolerance levels
• Ability to develop policies, standards, and baseline configurations
• Strong attention to detail and ability to document findings and convey information
• Ability to manage project deliverables and deadlines
• Ability to provide superior customer service via phone and email
• Excellent professional verbal and written communication skills
• Strong listening and presentation skills
• Ability to clearly communicate with co-workers, management, clients, and vendors
• Maintain an professional appearance and vocabulary
• Ability to multi-task, prioritize, and manage time effectively

Preferred Skills, Education and/ or Certifications:

• Healthcare compliance, privacy, or security certification
• Certified Information Systems Security Professional (CISSP) or equivalent
• Certified Information Systems Auditor (CISA) or equivalent (CISM)
• Certified in Risk and Information Systems Control (CRISC) or equivalent

Equal Opportunity Employer - Including Disabled and Veterans
#HBS