The Cyber Risk Programs-App Cert Consultant III will primarily provide services to clients related to assessing application security through a programmatic approach while also validating security controls related to an application’s software development life cycle. The position will also be expected to support Cyber Risk Program clients. The Consultant will provide leadership, coaching, and mentoring to a team of Professional Services Cyber Security Consultants and others responsible for the delivery of the Cyber Risk Programs (CRP), Application Security Certification Program, and Cloud Security Risk Assessment Program.
- Schedule assessments that are consistent with contractual requirements.
- Conduct assessments and deliver reports that are consistent with contractual requirements.
- Speak with and present to technical teams as well as C-level executives.
- Write technical reports and interpret results.
- Validate controls according to industry standards and best practice.
You have deep background and experience in quantifying application security threats, risks & vulnerabilities and business impact variables, and in prioritizing risk initiatives based on business need, compliance & regulatory requirements, and risk reduction. You are a security expert in application security testing and control validation, and you are willing to support other teams delivering the security services we offer on a global basis.
You'll need to have:
- Bachelor’s degree or four or more years of work experience.
- Four or more years of relevant work experience.
- Experience delivering and leading technical services in cyber security governance, risk, and compliance, audits & assessments, or support & delivery of IT/Cyber security services, methods and practices.
- Experience in IT/Cyber Application Security.
- Experience in a Governance, Risk & Compliance assessment/audit role.
- Knowledge of Application Security, Risk & Compliance with ability to adapt and map to multiple other frameworks.
- At least one industry certification related to application security, such as GWAPT, OSWE, GWEB, GMOB, GXPN.
- Industry Certification of CISSP, CISM, and/or CCSP.
- Experience in translating information security controls, policies and requirements into actionable operational policies, processes & procedures and cyber security technology solutions.
- Valid Driver’s license.
- Willingness to travel both domestically and internationally up to 25% of the time.
Even better if you have one or more of the following:
- Masters in a relevant subject matter such as Cyber/Application Security.
- Multiple industry-recognized IT Security Certification / Certificates from SANS, ISACA, (ISC)², CSA vendors specific to Risk Assessments, Auditing & Risk Management, Cloud Security, Application Security, Vulnerability Management, Financial & HealthCare industry security and penetration testing.
- Excellent communication and presentation skills, and comfortable and competent in presenting to both technical engineers and to “C” level executives.
- Experience with security controls, security and risk frameworks and tools/platforms such as Unified Compliance Frameworks, Alyne, ISO, NIST, VERIS, OWASP, FFIEC, FAIR, etc. and mapping of risk assessment activities to multiple risk and compliance frameworks.
- Experience in delivering or supporting large & complex global cyber security enterprise networks.
- Public speaking experience and skills in developing and presenting cyber security topics to a diverse audience both in person and via “virtual” means such as web conferencing.
- Business or service design, development or scripting/programming experience.
- Strong level of experience with standard office applications such as Google Suite, Microsoft Office Suite, Slack, video/web conferencing tools and platforms.