Reference # : 17-00309
Title : Senior Security GRC Solutions Consultant
Position Type : Direct Placement
Experience Level :
Start Date : 08/28/2017
Description
Secret Security Clearance Required
This is an exciting new opportunity: our clients' Professional Services delivery team has an immediate need for a Senior Security Governance, Risk, & Compliance (GRC) & Enterprise Governance, Risk, & Compliance (eGRC) Solutions Consultant.
The successful candidate will be responsible for delivering Security Solutions engagements in Medium to Large Enterprise environments. This role will be based in Ottawa with a small percentage of regional travel.
The ideal candidate will be a subject matter expert in GRC, supporting both major internal projects and direct client-facing consulting engagements. Drawing on both technical acumen and business integration capability, there is an opportunity to interact with and manage relations between both Clients and internal team members, in managing Complex, Large, and Small programs.
The Senior Security GRC Solutions Consultant will be required to have hands-on experience in the Architecture, Design and Deployment of projects, with varying project team sizes.
Responsibilities & Accountabilities:
- Act as a GRC subject matter expert in developing and delivering strategic consultation engagements
- Demonstrate GRC and Business Continuity Management (BCM) subject matter expertise on strategic customer consulting engagements
- Lead and facilitate Security Assessment & Authorization (SA&A) program implementations on Federal Government solutions - internally and on customer consulting engagements
- Contribute to continuous growth of GRC and eGRC through mentorship, identification of new opportunities, and development of security solutions
- Lead engagements for designing, building processes, workflows, and technical requirements for eGRC solutions such as RSA Archer and RiskVision
- Lead the planning and implementation of Cyber Security Solutions meeting customer requirements
- Identify and recommend security initiatives and offerings for security consultation with a focus on strategic and complex security offers and solutions
- Define customer requirements for Security Solutions with a focus on GRC and eGRC but also include Identity Management Solutions and/or Infrastructure Protection Solutions, i.e. Firewalls, Intrusion prevention/detection, Access controls, Network Access Control (NAC), Data Loss Prevention (DLP), Security Information and Event Management (SIEM), etc.
Preferred Qualifications & Competencies:
- 10+ years in IT - with minimum 7 years of demonstrated experience in providing detailed Technical expertise on Security Solutions in Large Enterprise environments with a focus on Solution Implementation
- 5+ years of recent experience leading Large Security Accreditation & Authorization (SA&A) activities. Activities and Deliverables include: Security Requirements Traceability Matrices (SRTMs), Threat and Risk Assessments (TRAs), Concepts of Operations (CONOPS), and Statements of Sensitivity (SoS)
- Knowledge of best practice control frameworks and regulatory requirements such as ISO, PCI, COBIT, NIST
- SRTM experience to include significant work delivered leveraging the ITSG-33 standard
- TRA experience to include significant work delivered leveraging HTRA methodology
- BCM lifecycle planning experience including Business Impact Assessment (BIA), Threat Risk Assessment (TRA), Business Continuity Planning (BCP), Disaster Recovery Planning (DRP), and Technical Recovery Planning (TRP)
- Experience in security policy creation and maintenance
- Experience in creating and assessing Security Awareness Programs
- 5+ years in gathering and translating Business and Security Requirements to Security Solutions and ensuring Customer needs are well represented
- Acting as a principal consultant with regard to developing and delivering strategic GRC and eGRC consultation engagements
- Able to communicate technical points to others at the Technical, User and Management levels
- Proven strong Project methodology and ability to work closely with project managers
- 1+ current Industry Security Certifications, such as CISP, CISM, or CRISC
- 1+ current BCM Certifications, such as CBCP/ABCP, CBCI, or EDRP
- Current Government of Canada "Secret" (or above) clearance is mandatory.
- Bachelor's University Degree (or above) or Specialized College Degree in Computer Science, System Engineering or another related IT program
- Previous experience as a lead or individual consultant interfacing directly with end-customer business and technology leaders
- Experience in designing and building processes, workflows, and technical requirements for RSA Archer and other eGRC Solutions
- 1+ Technical Certifications with major Security vendors such as McAfee, Cisco, Client, Fortinet, or Symantec
- Knowledge of core Information Security Concepts related to GRC
- Bilingualism in English and French, both written and spoken, is an asset.
- Proven ability to recruit top security talent in the region to support security funnel and opportunities would be an advantage.