Information Security Consultant II

Posted on September 17, 2020


Madison, WI

Position Details


Job Summary

Beacon Technologies is looking to hire a skilled Information Security Consultant II to work in Sun Prairie, Wisconsin / NYC, New York OR remotely.

Job Description

This person will support Divisional Technology Services and business stakeholders on security compliance, risk and audit strategies to manage identified risks and ensure remediation and mitigation plans are adopted and adhere to security policies, standards and best practices. Often working as a team member on larger initiatives, or delivering smaller initiatives under guidance, this role will perform security compliance and risk assessments and other compliance, risk and audit advisory services as required to meet divisional regulatory driven compliance requirements and policy adherence. More responsibilities below:

  • Support the Cyber Risk function by reviewing exceptions and vendor assessments using a tool called CyberGRX.
  • Support Cyber Compliance by assisting the team with risk assessments and interviews, data and evidence gathering, and report writing as needed.
  • Contribute to development of a globally consistent Security Compliance and Risk consultancy and advisory practice, including maintenance of relevant processes and templates.
  • Assist Technology Services, Enterprise Risk, Legal and Group Audit in effectively managing technology risks and developing timely and effective remediation and mitigation plans.
  • Assist in the delivery of security and risk assessments for 3rd party IT vendors and service providers.
  • Develop awareness of divisional technology security, risk and compliance strategies, audit support processes and remediation planning strategies that align with security effort to achieve regulatory and policy compliance.
  • Respond to security compliance, risk and audit questions and inquiries, utilizing available resources and procedures, adhering to company risk framework and policies.
  • Apply globally consistent security policy, standards, patterns, and engagement process(es) to triage and review business risk and level of security effort required to mitigate risks and reach compliance.
  • Engage the Enterprise Risk team to self-report issues and inform business and project stakeholders of potential security issues from internal sources and 3rd party IT vendors.
  • Responsible for following up on identified issues to achieve resolution through design amendment, compensating controls, or risk acceptance.
  • Prepare reports on vendor assessment and vendor risks.
  • Enhance awareness of security risk and compliance within the business stakeholder and divisional IT communities.
  • Build effective relationships with business stakeholders and IT teams to deliver security risk and compliance consulting services that meet stakeholder expectations.
  • Maintain high standards of service delivery to enable continuous improvement and effective response to stakeholder feedback.
  • Support the delivery of Security compliance and Risk Consultancy services ensuring compliance with appropriate SLAs and quality controls and alignment with security, regulatory and business requirements.
  • Track security compliance and risk service benefit to specifically identify areas of continuous improvement of service delivery.
  • Actively undertake personal development to ensure up to date knowledge and skills.
  • Support others in the team where appropriate to assist in the achievement of their objectives.

Preferred Competencies/Skills:

  • Flexible and able to apply skills to all types of technology solutions.
  • Analytical and problem-solving skills.
  • Sound communication skills, with developing ability to communicate technical information to business users.
  • Sound customer service focus.

Preferred Knowledge:

  • Understanding of information security risk and compliance and familiarity with current trends/developments.
  • Understanding of secure SDLC processes and Project Management Methodologies.
  • Understanding of business and technical information security concepts e.g. risk management, standards, BCM, penetration testing and training awareness.
  • Some knowledge of current regulatory environment (NYDFS, APRA, GDPR, PCI, other national, state and local regulations).
  • Broad and high-level knowledge of infrastructure and application technologies. High-level knowledge of control standards (COBIT, NIST etc.).
  • Research and understand emerging regulatory changes, cyber security threats and risk drivers relevant to divisional business.

About Beacon Technologies

Are you looking to advance your career in information technology? Beacon Technologies offers career advancement opportunities, extensive training, and excellent benefits including paying for health and dental premiums for salaried employees. In addition to providing interesting opportunities, Beacon Technologies provides that old-fashioned, personal touch, so you feel like a part of the Beacon team.