Alacrinet
Overview
Client is seeking a seasoned Senior Information Security Consultant to support and strengthen our growing cybersecurity and compliance program. This consultant will partner closely with the VP of Information Security & GRC and internal stakeholders to lead and guide several high-impact initiatives related to vulnerability management, audit remediation, and compliance.
This role requires a security expert who can operate independently, provide strategic and tactical direction, and drive results across a dynamic technology and business environment.
Responsibilities
SOX/ITGC Remediation & Audit Support
Lead remediation of ITGC deficiencies, ensuring alignment with SOX and PCI-DSS 4.0 requirements.
Coordinate evidence collection, walkthroughs, and responses for internal and external audits (PwC, SOC 1 Type 2, etc.).
Support bi-annual access reviews and control testing.
PCI Compliance
Provide guidance on scope, controls, and evidence collection in preparation for the PCI ROC assessment.
Partner with stakeholders to ensure adherence to PCI Level 1 merchant requirements.
Policy & Standards Management
Review, update, and support implementation of cybersecurity policies and standards, including Email Archiving & Retention, Access Control, and AI Governance & Use policies.
Draft communication plans and support training or awareness efforts related to policy changes.
Risk & Third-Party Management
Assist with developing a risk register and processes for risk assessment and acceptance.
Lead the development of a Third-Party Risk Management program, including vendor risk assessments, ongoing monitoring, and integration with procurement and compliance workflows.
Support the design and implementation of an Application and Cloud Security program.
Provide guidance on secure development practices, CI/CD integration, and cloud security controls.
Analyze and prioritize findings from penetration tests and ensure remediation plans are executed.
Vulnerability Management and Security Assessment Recommendations
Assist with the end-to-end vulnerability management lifecycle across cloud and on-premises environments.
Collaborate with internal teams to drive remediation efforts and validate the closure of critical and high-risk findings.
Strengthen vulnerability tracking processes, including metrics, reporting, and governance.
Lead the remediation of penetration test findings and support implementation of West Monroe cybersecurity recommendations.
Program Maturity & Advisory
Advise on security best practices and contribute to maturing CHW’s cybersecurity program in alignment with NIST CSF 2.0.
Provide guidance and mentorship to internal security team members on ongoing initiatives such as MSSP migration, PCI compliance, and vulnerability management.
Qualifications
8+ years of experience in Information Security, with recent experience in a leadership, consulting, or advisory role
Proven expertise in vulnerability management, audit remediation, and policy development
Strong understanding of SOX, PCI-DSS (especially v4.0), and NIST CSF 2.0 frameworks
Experience working with ITGC audits and external auditors
Familiarity with tools such as Microsoft Defender, Snyk, GitHub, and major cloud platforms (Oracle, Azure, Salesforce)
Excellent communication and stakeholder engagement skills
Ability to work independently and drive initiatives with minimal oversight
Seniority level
Mid-Senior level
Employment type
Contract
Job function
Information Technology
Industries
IT Services and IT Consulting