Information Security Consultant - Philadelphia, PA

BTB Security has a need for an Information Security Consultant within its professional services team. The role will support delivery of professional services to BTB Security’s CISO Advisory clients. BTB Security’s long-standing CISO Advisory Practice helps clients implement and maintain practical, effective information security programs that are commensurate with risk and aligned to business strategy. Activities will include, but are not limited to, policy development and review, vendor security reviews, compliance assessments, and security awareness campaigns. Additional responsibilities include executing information security assessments as necessary. Activities associated with this opportunity include:

  • Completing information security assessments aligned with industry frameworks like NIST CSF, ISO 27002, CIS Controls
  • Developing tactical and strategic plans for corrective action
  • Developing and maintaining policies, standards and procedures
  • Performing logical access reviews
  • Producing client-facing updates to reflect project updates, risk reporting, and status reports of open/closed issues
  • Executing third party security assessments on behalf of clients
  • Running security awareness campaigns
  • Evaluating technology solutions to better enable information security programs
  • Basic project tracking
  • Supporting clients with their internal, external and customer audit requirements

Required Technical Skills

  • Prior experience as an information security consultant or information security analyst/assessor with a strong working proficiency in the following:
    • Governance, Risk, and Compliance Assessments
    • Developing and maintaining policies, standards and procedures
    • Third-party security reviews and knowledge of attestation reports (e.g. SOC2)
  • Excellent interpersonal, communication, and presentation skills, including formal report writing experience
  • Skills in documenting risk and compliance activities, including preparing management reports
  • Proven track record of meeting/exceeding goals for quality and deadline delivery
  • Professional experience with networks and systems architecture

Education / Certifications

  • Degree in Information/Cyber Security, Technology Risk, Computer Science or Electrical Engineering or equivalent experience
  • 3-5 years’ experience working in information security, governance, risk, and/or compliance
  • Familiarity with corporate governance functions, risk assessment methodologies, and security frameworks (NIST CSF, ISO 27002, CIS Critical Controls)
  • Possession of, or active work towards, a relevant certification (CISSP, GIAC, CRISC)
  • Experience working in, or exposure to, regulatory requirements like PCI-DSS and privacy (HIPAA, GDPR, GLBA)

If you are interested, please contact us and include your résumé.