Information Security Consultant

The Information Security Consultant will be responsible for the implementation, assessment, and management of ISO 27001:2022, ISO 27002, and SOC 2 standards for clients. This role involves working independently or alongside senior consultants to help clients achieve and maintain information security compliance and other best practices. The consultant will focus on assessing and ensuring compliance with key security frameworks and will provide vCISO support to various clients.

Key Responsibilities:

ISO 27001/27002 Compliance:

• Assist clients in achieving ISO 27001 certification by identifying and implementing the appropriate controls within the audit scope.
• Verify compliance with ISO 27001/27002 controls and provide recommendations for improvement.

SOC 2 Compliance:

• Assist clients in achieving SOC 2 compliance by identifying and implementing the appropriate Trust Service Criteria (TSCs).
• Conduct SOC 2 compliance assessments and ensure the proper implementation of required controls.

Risk Assessment and Mitigation:

• Conduct risk assessments of business activities, collaborating with stakeholders to manage risks until closure or acceptance.
• Provide actionable recommendations to mitigate identified risks.

Policy and Procedure Development:

• Define, develop, and review information security policies, procedures, guidelines, forms, and templates in line with best practices.
• Ensure documentation is up-to-date and aligned with industry standards.

Baseline Standards Review:

• Create and review baseline standards for operating systems, databases, web servers, and applications.
• Recommend improvements based on security assessments.

Post-Implementation Audits:

• Support post-implementation audits for ISO 27001:2022 to ensure ongoing compliance.
• Monitor and assess adherence to established information security standards.

Information Security Awareness:

• Create and execute organizational information security awareness programs.
• Conduct training sessions to ensure employees are knowledgeable about security best practices.

Security Standards Compliance:

• Assist clients in ensuring compliance with various security standards (ISO 27001, SOC 2, HIPAA, NIST, CIS, PCI DSS, etc.).
• Recommend strategies to ensure long-term adherence to security best practices.

Incident Response:

• Develop and implement incident response plans to handle security breaches and cyberattacks.
• Ensure that clients have clear, actionable plans to address potential security incidents.

Gap Assessment:

• Conduct gap assessments to identify areas of non-compliance and provide remediation strategies.

vCISO Support:

• Provide virtual Chief Information Security Officer (vCISO) support to clients, advising on information security strategy and governance.

Skills and Qualifications:

Technical Skills:

• Strong background in Information Technology and/or Cybersecurity.
• Proficiency in auditing, policy development, database security, firewall design, risk analysis, identity management, access control, and web security.
• Knowledge of security frameworks including ISO 27001, SOC 2, HIPAA, NIST, CIS, PCI DSS, and other industry best practices.
• Hands-on experience with ISO 27001:2022 and SOC 2 implementations and assessments.
• Strong understanding of risk management and the ability to assess and mitigate security risks.

Presales and Communication Skills:

• Excellent client-facing communication skills.
• Strong problem-solving abilities and the capacity to work effectively in a team environment.
• Ability to communicate complex technical concepts to both technical and non-technical audiences.
• Demonstrated ability to deliver presentations and conduct training sessions.