Sr. Consultant - QSA - Risk and Strategy | Remote, USA

About the position This position will be fully remote and can be hired anywhere in the continental U.S. Optiv’s consultants are skilled technical and consultative resources expected to be strong in both technical and soft skills. The Sr. Consultant – Strategy & Risk, plays a key role in delivering security solutions, conducting risk and compliance assessments and supports client engagements. This position requires a balance of technical skills, strong risk management knowledge, and client facing consulting experience to help organizations improve their security posture and achieve compliance. How you’ll make an impact: Comfortable delivering independent work or takes the engagement lead for complex projects Acts as engagement escalation point to assist other delivery team consultants Work closely with clients to define, build and implement security leading practices Conduct risk assessments, security readiness audits, gap analysis with compliance and regulatory frameworks Assess compliance with industry standards and regulatory frameworks, such as, NIST 800-171/53, ISO 27001, COSO, CMMC, HIPAA, PCI, or some combination of these Assist clients in developing risk management frameworks and mitigation strategies Provide third-party risk assessments to evaluate client’s supply chain, key vendors Support the design and implementation of cybersecurity policies, procedures, and governance frameworks Develop and refine security strategy assessments, security program plans, and POA&M Translate security operational and technical risks into business implications with recommendations for stakeholders Conduct workshops, stakeholder interviews, security awareness sessions and presentations with key client stakeholders Collaborate with Principal Consultants and Technical Managers to support client objectives Maintain clear documentation and reporting for security findings, analysis and recommendations Stay updated on emerging cybersecurity, risk management, key technologies and regulations Contribute to thought leadership through research, whitepapers and presentations Effectively provide knowledge transfer and post-production support activities as necessary

Responsibilities

• Comfortable delivering independent work or takes the engagement lead for complex projects
• Acts as engagement escalation point to assist other delivery team consultants
• Work closely with clients to define, build and implement security leading practices
• Conduct risk assessments, security readiness audits, gap analysis with compliance and regulatory frameworks
• Assess compliance with industry standards and regulatory frameworks, such as, NIST 800-171/53, ISO 27001, COSO, CMMC, HIPAA, PCI, or some combination of these
• Assist clients in developing risk management frameworks and mitigation strategies
• Provide third-party risk assessments to evaluate client’s supply chain, key vendors
• Support the design and implementation of cybersecurity policies, procedures, and governance frameworks
• Develop and refine security strategy assessments, security program plans, and POA&M
• Translate security operational and technical risks into business implications with recommendations for stakeholders
• Conduct workshops, stakeholder interviews, security awareness sessions and presentations with key client stakeholders
• Collaborate with Principal Consultants and Technical Managers to support client objectives
• Maintain clear documentation and reporting for security findings, analysis and recommendations
• Stay updated on emerging cybersecurity, risk management, key technologies and regulations
• Contribute to thought leadership through research, whitepapers and presentations
• Effectively provide knowledge transfer and post-production support activities as necessary

Requirements

• Bachelor's degree and approximately 5-7 years of related work experience, preferably in a prior consultancy role
• Hold or pursue relevant certifications in the cybersecurity and risk management industry such as, CISSP, CISM, CRISC, CCSP, CMMC CCP/CCA, ISO 27001 (Lead implementer)
• Strong understanding of cybersecurity frameworks (NIST, ISO 27001, CMMC, CIS, PCI, HIPAA, etc.)
• Hands-on experience with security assessments, risk management, compliance assessments, policy and standards and other related risk and compliance activities
• Experience working in cyber resilience including, Business Continuity Planning, Disaster Recovery, Business Impact Analysis, Operational Resilience.
• Strong analytical and problem-solving skills for cybersecurity challenges
• Excellent communication and report writing skills for client engagements
• Ability to manage multiple projects and work independently in a fast-paced environment
• Willingness to travel to meet client needs
• Valid driver's license in the US
• The successful candidate must hold related professional certifications such as the CISSP, CISM, and/or CISA
• Must be Qualified Security Assessor (QSA)

Benefits

• Work/life balance
• Professional training resources
• Creative problem-solving and the ability to tackle unique, complex projects
• Volunteer Opportunities.
• “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
• The ability and technology necessary to productively work remotely/from home (where applicable)

Apply tot his job Apply To this Job