Sr. Security Consultant
Ref No.: 18-03274
Location: Santa Clara, California


SUMMARY
This position will provide oversight and perform day-to-day services to ensure that CA's SaaS information and infrastructure are protected through regular evaluation, validation, and reporting of security controls. The position will manage the Information Security Risk Framework, regularly review the effectiveness of security controls, develop programs to maintain a comprehensive understanding of the current and future security risks to the organization, and regularly report on these results to the VP, SaaS Operations and appropriate governance bodies.
The Consultant must possess strong analytical, communication, and management skills with knowledge of Information Security best practices and technologies.



RESPONSIBILITIES
  • Assist in identifying emerging security risks and vulnerabilities affecting CA SaaS's environment and developing/communicating appropriate mitigating controls.
  • Develops, maintains, and delivers risk evaluation toolsets, processes, and procedures in support of Information Security best practices and Audit, Compliance, and Regulatory obligations.
  • Participates in Compliance Monitoring for Security Controls, Policies, and Requirements.
  • Establish and provide oversight for self-assessment and readiness programs for Information Security Risk evaluation tools, systems and processes.
  • Deliver best practice risk evaluation toolsets for use within all aspects of the Information Security program
  • Prepares and delivers monthly and quarterly reporting to senior leadership and executive management
  • Leverage the GRC Application environment to support all aspects of this team and function
  • Excellent written, oral and presentation skills and an ability to synthesize information and make clear, concise recommendations on course of action
  • Proven track record of successfully managing information security risk programs within the payment industry and/or regulatory environment
  • Ability to keep pace with demands of business by anticipating problems, proffering appropriate solutions and providing the leadership to effectively implement change
  • Self-driven with strong leadership skills, with demonstrated excellence in leading diverse teams in a global environment.
  • The ability to set the appropriate tone at the top, motivate staff, foster a positive culture of mutual respect and the highest ethical standards.
  • Flexible and creative thinker with strong execution skills, and the ability to provide thought leadership and wield influence beyond areas of direct responsibility

REQUIRED SKILLS
  • 5+ years of work experience in Information Security, Audit, Risk, and/or Compliance and Reporting activities, preferably for financial and/or technology companies.
  • Must have 5+ years of direct participation and experience across common industry security policy areas, including, but not limited to, ISO2700, FedRAMP, FISMA, NIST, COSO, COBIT, PCI, FFIEC, SOX, SSAE16, and others.
  • Subject-matter expertise in information security subject matter areas (e.g. access management, data security, vulnerability management, etc.).
  • Experience providing information security or information technology consulting services to a broad range of companies and/or federal and state agencies.
  • Solid understanding of Enterprise Risk Management and Strategy frameworks, as well as an understanding of the current enterprise threat scenario as related to the financial industry.
  • Superior analytical and problem solving skills.
  • Demonstrated ability to manage implementations of large-scale, complex, multi-disciplined, cross-functional and highly visible projects/programs.
  • Proven experience working with multiple individuals on internal and external delivery and communication initiatives.
  • Ability to synthesize a variety of data points into comprehensive and effective reporting.
  • Strong executive presence and communication skills - experience in Audit/Compliance/Regulatory discussions and proactive readiness activities with internal partners and external customers/clients.
  • Experienced at presenting information to all levels, with ability to communicate and facilitate group discussions and debate across geographic, functional lines and levels.
  • Delivers effective and strong documentation to support compliance and certification audits.
  • Must be able to manage multiple tasks and priorities on tight deadlines.
  • Ability to prioritize deliverables and projects to meet timelines efficiently, to adapt to changes in priorities quickly.

DESIRED SKILLS
  • Practical experience managing multiple large-scale compliance/audit projects simultaneously, strong internal consulting, customer account management, and defining engagement scope, negotiating commitments, gathering requirements, defining deliverables, designing integrated solutions, and overseeing technical implementations considered a plus.
  • Proven experience proposing enterprise level solutions and controls to mitigate risk.
  • Bachelor's Degree in Business, Information Systems Management (or related field) or equivalent work experience in the Technology/Security space. Master's degree preferred.
  • CISSP, CISA Certifications preferred.