
Senior Risk Advisory Consultant

Company:
Echelon Risk + Cyber
Location:
Pittsburgh, PA
Posted:
April 13, 2024

Description:

Job Description

About us: At Echelon Risk + Cyber we believe in defending the basic human right to security and privacy. We are looking for an exceptional Senior Risk Advisory Consultant to be involved in the execution of Risk Advisory client engagements. This includes leading and executing relevant tasks as well as assisting in the development of service deliverables and internal processes that will drive value for the future of the team and clients. Our next team member will be authentic, articulate, and passionate about Cybersecurity, and unafraid to roll up their sleeves and dive deep into the unknowns, using their security expertise to identify opportunities to increase the overall capabilities of Echelon Risk + Cyber internally and for our clients. At Echelon, you will have the opportunity to engage with systems that are at the cutting edge of technology. We allow our employees to build from the ground up and make an impact across the organization. We look for driven and proactive people who are eager to contribute to a distinct and thriving Cybersecurity services organization and who can adapt to a rapid and changing environment.

This is a remote position from anywhere in the USA.

What You Will Do:

Assist in the planning, scoping, execution and reporting of cybersecurity risk and maturity assessments against frameworks such as NIST CSF, CIS, and CMMC

Collaborate with IT management and client leadership to develop roadmaps to enhance client maturity

Develop and maintain Cybersecurity policies and procedures

Review and assess security and technology controls against cybersecurity best practice and compliance frameworks

Collaborate with clients to develop Incident Response Plans, Incident Response Playbooks, and Tabletop Exercises tailored to each client's environment and needs

Document results, create client reports and communicate results to client management and other stakeholders

Work collaboratively with our clients and other team members to identify information security risks and challenges and provide actionable recommendations and solutions

Demonstrate consistency, versatility and adaptability while managing simultaneous client engagements and priorities and delivering quality results in a timely fashion

Work with the internal team to develop and plan engagement strategies, define objectives, identify and provide recommendations to address client risks

Create client-facing presentations, reports, and analytics

Develop long-term roadmaps to assist clients in reaching their desired maturity level

Perform business impact analyses and develop Business Continuity Plans and Disaster Recovery Plans

Assist leadership in the creation of proposals, budgets, work plans and other business development efforts

Establish exceptional internal and client relationships using strong communication skills

Produce thought leadership for the organization's website blog on a regular basis

Actively engage in the cybersecurity community by attending or speaking at local or national conferences

Your knowledge, skills, and abilities:

4+ years of related experience in the cybersecurity industry

Focus on Governance, Risk and Compliance planning, development and management

Knowledge of GRC Platforms/Tools to assist with Assessments and Compliance Management

Risk management experience, including performing assessments and audits, designing information security controls and processes, and evaluating and prioritizing risk

Experience with a variety of information security frameworks and best practices (e.g., CIS, NIST, PCI, CMMC, ISO, GLBA, FFIEC, SOX, SOC, HIPAA, HITRUST, etc.)

Experience with incident response, business continuity, and disaster recovery planning is preferred

Project Management experience preferred

Certifications recommended: CISSP, CISA, CISM, or similar certification

Ability to manage and prioritize multiple projects simultaneously and adapt in a demanding and changing environment

Although this is not a technically oriented role, knowledge of Cloud systems, applications, security services/tools (e.g., EDR, MDR, SIEM, Vulnerability Scanning, Email Security, Backup/DR, MDM), Firewalls, Basic Networking, Data Security, IAM/SSO, etc., will be beneficial in an advisory capacity

Displays intellectual curiosity by seeking opportunities to develop and by demonstrating a willingness to learn

Strong attention to detail and superior analytical, technical, and problem-solving skills

Excellent verbal and written communication skills with experience crafting professional messages and adjusting communication style based on audience

Preferred experience working with financial services, healthcare, or regulated industries

Authorized to work in the United States
