Security, Risk, and Compliance Consultant

Cyber 74, Redding, California

Job Description

Summary

The Security, Risk, and Compliance Consultant will be responsible for performing cybersecurity readiness assessments, gap analyses, and maturity assessments using the Cybersecurity Maturity Model Certification (CMMC) model and the Health Insurance Portability and Accountability Act (HIPAA) model for Cyber74 clientele. The Security, Risk, and Compliance Consultant will perform technical security audits and security risk assessments for New Charter Technologies Operating Company clientele. In addition to security auditing and assessment, the Security, Risk, and Compliance Consultant will provide detailed analysis and recommendations to clients while collaborating with Operating Company colleagues to share security trends and best practices.

Primary Responsibilities

  • Working under general supervision, the Security, Risk, and Compliance Consultant will be responsible for monitoring, managing, and closing existing compliance issues while also ensuring that internal and external systems are compliant with security standards
  • In carrying out these functions, the Security, Risk, and Compliance Consultant’s responsibilities include the identification, evaluation, and interpretation of regulatory, statutory and member security requirements, control deficiencies, and information security risks
  • Performs cybersecurity readiness assessments, gap analyses, and maturity assessments using the Cybersecurity Maturity Model Certification (CMMC) model
  • Engage with clients and conduct security & risk assessments with a focus on the NIST 800-53 and 800-171 frameworks
  • Consulting with end clients to gather requirements and understand our clients' key business and security challenges
  • Working with team members to advise on practical and cost-effective solutions to help mitigate our clients’ cybersecurity risks and challenges
  • In-depth knowledge of security regulatory compliance requirements, focusing on CMMC, NIST 800-171, and HIPAA, and translating those into business processes and security controls to enhance and support clients’ compliance status.
  • Articulating and defending IT controls testing approach and performing tests of design and operating effectiveness
  • Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle
  • Performs vulnerability and compliance network scans, analysis of results, and provides mitigation recommendations
  • Supports Cyber74 by responding in a timely manner to questions from both clients and field technical personnel pertaining to security practices, policies, and controls
  • Collaborate with New Charter Technologies Operating Company stakeholders and personnel to share security knowledge, vulnerability trends, and analysis findings

Skills & Experience

  • Experience in security/compliance-focused roles with 2-4+ years of experience performing technical security audits and risk assessments
  • Experience implementing NIST 800-53, 800-171, ISO 27001, and CMMC controls
  • Experience performing cybersecurity readiness assessments, including maturity assessments using the Cybersecurity Maturity Model Certification (CMMC) model.
  • Experience performing cybersecurity readiness assessments, including assessments using the Health Insurance Portability and Accountability Act (HIPAA) model.
  • Experience in creating Supplier Performance Risk Scores (SPRS)
  • Experience with other compliance frameworks (SOC, SOX, GDPR, FFIEC, etc.) is a plus
  • Minimum 1+ years’ experience with cloud-based concepts with an emphasis on development and auditing AWS or Azure controls
  • Well-rounded expertise and exposure to various security technologies, including Anti-Virus, Endpoint Detection and Response (EDR), Data Loss Prevention, Intrusion Prevention, Application Whitelisting, etc.
  • Experienced at assessing on-premise systems, enterprise SaaS, and cloud offerings, including various infrastructure platforms such as Active Directory, Windows, Linux, etc.
  • Strong working knowledge of network firewalls, switches, routers, and endpoints
  • Experience working with network scanning tools such as Tenable Nessus, Qualys, or RapidFire Tools
  • Technical knowledge of network design, cloud platform architecture, and experience with information security governance programs and control framework concepts, particularly the NIST cybersecurity framework
  • Strong EQ with the ability to develop rapport and provide technical security and risk-related information to technical and non-technical audiences
  • Must be able to influence without authority, innovate to tackle tough problems, and communicate clearly to all levels of the organization
  • Ability to thrive in a supportive, result-oriented community, with a commitment to the relentless pursuit of continuous growth
  • Ability to coordinate multiple tasks and competing demands while working with clients, management, and project resources.

Preferred Certifications (one or more of the following)

  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • GIAC Security Essentials (GSEC)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • CMMC Certified Professional
  • Certified Ethical Hacker (CEH)
  • A+
  • Network+
  • Security+

Preferred Attributes

  • Highly organized and process driven
  • Affinity for technology
  • Strong integrity with the ability to work in a highly confidential manner
  • Collaborative and flexible with a consultative mindset
  • Precise and detailed, delivering consistently high-quality results
  • Comfortable in a balance of tactical and strategic focus
  • Strong desire to learn, grow, and follow direction
  • Skilled in interfacing directly with clients and cultivating a trusted advisor role with them
  • Servant-hearted with a focus on improving the lives of our customers in every action and interaction
  • Expected salary range of $80k to $110k, dependent on experience

Physical Requirements

Work is primarily knowledge-worker-oriented using computer systems. Occasional exertion and lifting of up to 20 pounds to move office or computer equipment. Occasional crawling, kneeling, and squatting. Constant use of computer (keyboard/mouse) and phone. Visually inspects, prepares, and analyzes data and figures; views computer constantly. Occasional travel (car/airplane). Occasional exposure to outdoor environmental conditions as a result of travel.

Who We Are

At New Charter, we’re building a caliber of business the IT industry hasn’t yet seen. We serve small-to-medium-sized businesses in 10+ industries across North America, and we deliver best-in-class technology solutions to propel our clients into the digital world.

At New Charter Technologies, we’re investing in our people through growth and learning initiatives, employee benefits, company innovation, and more. We are constantly seeking diverse candidate backgrounds and perspectives to amplify inclusive hiring practices for each job opening. Our partner companies have career paths for many different role types, whether you want to be deeply technical or whiteboarding with clients, and we are committed to developing fulfilling career paths for all contributors at New Charter Technologies.

Our teams are dedicated to pioneering breakthrough technologies, disruptive solutions, and transformative strategies. We’re the architects of change, fostering an environment where bold ideas take flight, and creativity knows no bounds. At New Charter Technologies, we’ve embraced the idea that every individual brings something special to the table. Our foundation is based on the belief that each team member plays a crucial role in our collective success. Ready to be part of a dynamic and supportive community where your unique skills and personality shine? We’re on a mission to make a difference, and we want you to be part of the story. Let’s transform the world together and build a career that’s as unique as you are!

We are looking for driven and passionate people who are excited to work in an incredibly rewarding environment. So, if you are ready to learn, be inspired, solve problems, and grow professionally, apply today! Learn more here: Why New Charter.

New Charter Technologies is committed to creating an inclusive environment and is proud to be an equal opportunity employer. New Charter recruits, employs, trains, compensates, and promotes regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.