Information Security Consultant/Advisor
🇺🇸 USA Only
Role: Management and Finance
We are looking for a seasoned Information Security Consultant/Advisor to consult and advise our clients on designing, implementing, and managing Information Security Management Systems (ISMS) to protect their organization's infrastructure and maintain compliance with various regulations, standards, and frameworks (ISO 27001, HIPAA, SOC 2, etc.). You will be responsible for working with our clients' senior leadership and internal IT teams to advise and ensure security actions are evaluated, validated, and implemented as required.
To be successful, you should have expert analytical skills and in-depth knowledge of information security practices to proactively identify and prevent a wide range of security threats in client environments. Top candidates will also be excellent communicators, training and educating our clients' key stakeholders in various information security topics.
If you thrive in a dynamic environment, like challenges, and believe work and fun are not mutually exclusive, you may be the one we're looking for. We need team players who are smart and creative, love IT assurance, and want to grow with a growing company: people who are as comfortable talking with senior management about certification or attestation strategies as they are with a developer or system administrator about securing microservices or the latest Windows exploit.
This position will be responsible for:
- Consulting with our clients' senior management teams and their internal IT departments to improve their information security posture.
- Promoting awareness of security issues among client management and ensuring sound security principles are reflected in the organization's vision and goals.
- Ensuring that plans of action and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Continuously validating the client organization against policies, guidelines, procedures, regulations, and laws to ensure compliance.
- Identifying alternative information security strategies to address organizational security objectives.
- Keeping up to date with developments in the threat environment, as well as privacy and security standards.
- Conducting and/or participating in gap, risk, and business impact assessments.
- Documenting ISMS policies and procedures, updating policies and procedures, and monitoring to ensure compliance with security policies.
- Leading/overseeing third-party risk programs and assessments for clients.
The right person HAS the following characteristics (these are "non-negotiable"):
- Personal integrity, a highly transparent nature, and a mind-set of "mutual benefit".
- Thrives on and is worthy of self-managing the projects they are responsible for (micro-management is a four-letter word at PPS).
- Has very high "self-expectation" (self-motivated, self-aware, self-disciplined, self-improving, and self-governed). You hold yourself to a higher standard than others do.
- Enjoys work and life, values a balance, and is looking for a company that shares those ideals (understands that you do not get a second chance to see your child's first school play and that it does not matter if the report gets done at 3:00 PM or 10:00 PM, if it gets done).
- Highly consultative and collaborative nature; someone who enjoys helping others achieve ambitious business and information assurance goals.
- Effectively and proactively communicates in writing/speech both internally/externally from the server room to the board room.
- The ability to "work from anywhere" as this role is remote/virtual in nature.
- A good sense of humor and the ability to laugh at themselves.
- Applicable Information Security and Technology experience to contextualize and make recommendations relevant and valuable.
The right person usually has the following experience (these are somewhat negotiable):
- Certifications that demonstrate to our clients our commitment to excellence in our craft (e.g., ISO 27001 Lead Implementer, CISA, CISSP, ISO 27001 Lead Auditor, CCSA, MCSE, CEH, OSCP).
- Experience working as a consultant managing/leading multiple client projects.
- Experience authoring policies and procedures.
- Experience with the myriad of regulatory compliance or privacy frameworks our client base is subject to (e.g., HIPAA, PII, PCI-DSS, SOX, STARS, NERC-CIP, GDPR, CCPA).
- Familiarity with related standards/frameworks (e.g., Secure Control Framework, SSAE-16 SOC1, ISO 27001, NIST 800-171, NIST CSF, CMMC, SOC2, ISO-22301, ISO-9001).
- A general understanding of cyber security technologies or security issues such as: Hardware or Virtual Network Firewalls, Cloud Native Firewalls, Identity and Access Management (IAM), Zero Trust, Cloud Access Security Brokers (CASB), Secure Web Gateways (SWG), Distributed Denial of Service (DDoS) protection, Web Application Firewalls (WAF), and Network Detection and Response (NDR).
About Pivot Point Security
We're a small, but growing, company. So, we do our best to keep the right people at PPS (most of our team has been together for 6+ years) by aspiring to:
- A high-performance work environment with extremely passionate, driven and experienced technical professionals. At Pivot Point Security, you will find colleagues you can respect and learn from.
- A management system where all employees participate in establishing the company's goals/initiatives and have ready visibility into the company's performance. We're working hard to create processes and metrics to measure our (and your) success.
- An environment where relationships are important, internally and externally. We provide the highest levels of customer service and strive to always exceed our clients' expectations.
- A competitive salary (more than most) with a F100 level benefits package (e.g., medical, dental, vision, HCFSA, 401K w/ company match, 529 College Savings, vacation and personal days).
- Providing individuals the opportunity to develop by giving them the resources required, surrounding them with great colleagues, and allowing them to take on new/big challenges.
As a Company, We:
1. Tell the Truth (Honesty is almost always the best policy)
2. Do the Right Thing (Keep commitments, over-communicate, be transparent, confident, worthy of/thrive on freedom)
3. Smile (Life is too short not to … likeability is nearly as important as competence)
4. Seek "Win-Win" (Think cooperative, not competitive - seek mutual benefit in all interactions)
5. Provide Clear and Actionable Guidance
6. Are Customer Focused
At Pivot Point Security, we don't just accept difference — we celebrate it, we support it, and we thrive on it for the benefit of our employees, our clients, and our community. Pivot Point Security is proud to be an equal opportunity workplace.