
Senior Information Security Consultant - Philadelphia, PA

BTB Security has a need for a Senior Information Security Consultant within its professional services team. The role will support delivery of professional services to BTB Security’s CISO Advisory clients. BTB Security’s long-standing CISO Advisory Practice helps clients implement and maintain practical, effective information security programs that are commensurate with risk and aligned to business strategy. Activities will include, but are not limited to, building and maintaining information security programs for BTB Security clients, performing baseline security assessments, establishing security roadmaps, and ensuring effective execution of security projects. Activities associated with this opportunity include:

  • Completing information security assessments aligned with industry frameworks such as NIST CSF, ISO 27002, and CIS Controls
  • Developing tactical and strategic plans for corrective action
  • Leading security program efforts for our clients and ensuring operational activities are designed and working effectively, including:
    • Policy frameworks
    • Vulnerability Management
    • Security Awareness
    • Vendor Management
    • Incident Response
    • Regulatory compliance
  • Producing client-facing technology and risk updates to all levels of management
  • Evaluating third-party risk and mitigation strategies to support client outsourcing plans
  • Evaluating technology solutions to better enable information security programs
  • Supporting clients with their internal, external and customer audit/assessment requirements
  • Developing target operating models for clients in terms of staffing, budget, team structure, and supporting technology

Required Technical Skills

  • Prior experience as a senior information security consultant, manager or director with a strong working proficiency in the following:
    • Governance, Risk, and Compliance Assessments
    • Establishing effective security programs, such as vulnerability management, identity and access management, asset management and vendor security
    • Developing and maintaining policies, standards and procedures
  • Excellent interpersonal, communication, and presentation skills, including formal report writing experience
  • Skills in documenting risk and compliance activities, including preparing management reports
  • Proven track record of meeting/exceeding goals for quality and deadline delivery
  • Professional experience with networks and systems architecture

Education / Certifications

  • Degree in Information/Cyber Security, Technology Risk, Computer Science or Electrical Engineering or equivalent experience
  • Minimum 10 years’ experience working in information security, governance, risk, and/or compliance
  • Familiarity with corporate governance functions, risk assessment methodologies, and security frameworks (NIST CSF, ISO 27002, CIS Critical Controls)
  • Possess a relevant security or risk certification (CISSP, GIAC, CRISC)
  • Experience working in, or exposure to, regulatory requirements like PCI-DSS and privacy (HIPAA, GDPR, GLBA)

If you are interested, please contact us and include your résumé.