The Information Security Consultant will deliver security assessments to mitigate existing and future security risks. You will also propose security controls for both short-term and long-term solutions in an insurance company, working closely with application development teams, infrastructure teams, and internal security teams. The position will require collaboration with various partners across the globe.
* Determines security requirements by evaluating business strategies and requirements; ensuring information security standards are included in all aspects of the software development life cycle; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues.
* Align standards, frameworks and security with overall business and technology strategy
* Develop security requirements based on the standards for software development
* Help develop processes that will improve handling of day-to-day tasks.
* Create solutions that balance business requirements with information and cyber security requirements
* Design security architecture elements to mitigate threats as they emerge
* Maintains security by monitoring and ensuring compliance with standards, policies, and procedures; conducting incident response analyses
* Represent security at the Architecture Review Board for all application development
* Work within projects at an application as well as cloud infrastructure level.
* Gap Analysis of cybersecurity regulations including NYDFS, CA, VT, SC, and GDPR
* 5+ years' experience working directly in an Information Security consulting role.
* Excellent understanding of security in a cloud environment, preferably Microsoft Azure.
* Experience collaborating with Application Development and Project teams
* Extensive experience in information security and/or IT risk management with a focus on security, performance and reliability
* Experience in developing reference security architecture
* Solid understanding of security protocols, cryptography, authentication, authorization and security
* Solid understanding of industry recognized information security frameworks such as ISO 27001 and NIST 800-53
* Good working knowledge of current IT risks and experience implementing security solutions
* Ability to interact with a broad cross-section of personnel to explain and enforce security measures
* Excellent written and verbal communication skills as well as business acumen and a commercial outlook