Senior Information Security Risk Assessment Consultant
Ref No.: 18-00591
Location: Washington, District of Columbia
The manager is looking for a very strong candidate with experience in risk assessment, risk frameworks, cloud implementation, cloud security, cloud audit, and compliance for custom software and COTS software. Candidate should have a CISSP and other security certifications.
Candidate must work onsite in Washington, DC. Superior communication skills are a must.


Specific responsibilities include:
Performing application risk assessments and working with stakeholders to review and manage IT risks throughout the lifecycle development process to ensure compliance with internal audit controls, and upgrading/developing them as necessary.
Need full lifecycle Risk Assessment development background that includes:
End-to-end risk-based compliance assessments, working with Information Technology partners, business requirements and technology requirements, and holding conversations with Sr. Management, Information Technology and Business owners.
Proven Application, Infrastructure and Cloud Assessment background is needed.
Experience defining and testing security controls and assessing how these were implemented.
Understanding of application security architecture.
Experience with cloud architecture and implementation of security controls within Cloud deployments (AWS, Azure).
Clear understanding of a variety of Risk Frameworks and advantages of each for different types of risks.
Experience in reviewing business processes and providing information security requirements, conducting design reviews, conducting testing, and identifying and reporting risks.
Conducting security architecture, threat modeling and design reviews.
Assisting with and conducting penetration and vulnerability assessments.
Risk documentation / communication with stakeholders. Ability to translate technical risks into business risks.
Experience in integrating risk management concepts and processes, such as risk profiles and threat models, into existing Risk Management Processes.
Demonstrated IT Security expertise in Cloud technologies, Identity and Access Management, Logging and Monitoring, SDLC, Threat and Vulnerability Management, Enterprise Architecture, Incident Response.
CISSP certification is preferred. Additional certifications (CISA, GIAC, GSSP-NET, GWAPT, GPEN, CISM) a big plus.
Auditing of ArcSight is a huge plus.
Superior communication skills required.