Seiso is a growing information security consulting company that was founded in 2017 to enable organizations to thrive by managing information protection risks.
Role and Responsibilities
The GRC Security Consultant II will report to the Chief Executive Officer and be a part of Seiso’s Governance, Risk, and Compliance (GRC) Team consulting practice, working both independently and as part of a team to:
Proactively assist in the management of several clients and keep Seiso management updated with progress and issues.
Establish effective working relationships directly with clients.
Demonstrate and apply a thorough understanding of complex information systems. Quickly gain a working knowledge of the client’s IT/security environment through conversations and observations.
Lead assessments of client environments against industry standard frameworks to identify the client’s current state of program maturity and identify applicable risks.
Work with clients to identify and document their desired maturity state and risk-balanced state and develop a gap assessment and roadmap to guide the process of maturing towards their desired state.
Work with clients to document their security program through the development of appropriate policies, standards, and processes.
Advise client teams at all levels, from the C-suite to individual contributors, regarding information security governance through mediums such as presentations, reports, and visualizations.
Create, develop, and mature Seiso’s catalog of GRC services and contribute to the improvement of all Seiso services.
Contribute to the development of best practice frameworks suitable for use during assessments and improvement planning, and integration with assessment toolsets.
Contribute to the information security community, primarily focused on the areas where Seiso operates.
Support other Seiso engagements, such as those being led by the Blue Team and/or Red Team.
Continually research and learn new technologies and techniques through a mix of self-guided and formal training.
Cultivate new and existing client relationships to develop business opportunities for Seiso.
Perform other duties as assigned.
Seiso’s culture has three main tenets:
Seiso: Exemplify our name by being neat, clean, and organized.
Curiosity: Ask questions, think deeply and critically, consistently learn from and teach others, regularly improve and grow.
Be Prepared: Take initiative, be on time and prepared, optimize the use of everybody’s time.
Qualifications and Education Requirements
4 or more years of experience in Information Security with a focus on protecting companies through building a security program, security governance documentation, and engineering systems to be robust and resistant to attack.
Familiarity with common security frameworks and regulations such as SOX, HIPAA/HITECH, PCI-DSS, GDPR, NIST 800 series, FedRAMP, ITIL, ISO 27001/2, COBIT, and SOC 2.
Familiarity with risk assessment techniques and risk management program documentation.
Familiarity with approaches to assessing and managing third-party risk.
Clear understanding of emerging information security trends, including changes in security frameworks and regulatory requirements.
Flexibility to accommodate changing client schedules and project needs, and willingness to work extended hours when needed.
Ability to write clear and concise information security policies, standards, and processes.
Ability to conduct an information security risk assessment.
Ability to conduct an information security maturity assessment.
Strong project management skills, problem solving/critical thinking skills, and verbal and written communication skills.
CISSP or equivalent training and certification.
Prior consulting experience, especially with a focus on partnering with companies to improve the robustness of their security program or establish a robust security program from scratch.
Ability to describe and communicate complex technical security concepts to technical and non-technical audiences.
Strong written and verbal communication skills, including the ability to present at information security events and conferences and to produce content such as blog posts and written reports.
Telecommuting is allowed.
About Seiso, LLC
Seiso works with companies to organize and simplify their security programs by providing advisory, assessment, and technical services.
At Seiso we strongly believe in structure, organization, and simplicity. We use industry standard frameworks and classification methods to help companies understand and proactively manage risks to their critical functions and the assets that support them.