Information Security Consultant / Information Security Analyst

Job Description

Job Summary:

We are looking for a skilledInformation Security Consultantwith extensive experience in IT audits, SOX testing, ITGC, and regulatory compliance, includingISO 27001, NIST, and PCI DSS. The ideal candidate will have expertise in risk assessments, Gap assessment, control testing, and ensuring compliance with industry standards.

Key Responsibilities:

• Audit & Compliance:
• Conductexternal and internal IT auditsfollowing ISO 27001, SOX, and other regulatory frameworks.
• PerformIT General Controls (ITGC) assessmentsand ensure compliance with cybersecurity frameworks such asNIST 2.0, PCI DSS, and ISO 27001:2022.
• Identify control deficiencies and recommend corrective actions to improve security posture.
• ConductCyber Maturity Assessmentsand risk evaluations.
• Conducting GAP assessments.
• Client Engagement & Advisory:
• Act as a primary contact forclient engagements, audit planning, and risk advisory services.
• Lead and facilitateclient meetings, walkthroughs, and audit discussions.
• Provide strategic recommendations, develop security roadmaps, and present findings to senior stakeholders.
• Risk Management & Governance:
• Evaluaterisk management practicesand ensure mitigation of security vulnerabilities.
• Assist in the implementation of securitybest practices, policies, and frameworks.
• Managethird-party/vendor risk assessmentsand ensure compliance.
• Reporting & Documentation:
• Prepareaudit reports, risk assessments, and compliance documentation.
• Develop and maintain Standard Operating Procedures (SOPs) for future audits.
• Track remediation progress and ensure implementation of security measures.

Technical Skills:

Technical Expertise:

• Hands-on experience inSOX IT controls, ITGC, risk assessment, and compliance audits.
• Strong knowledge ofISO 27001, NIST CSF, PCI DSS, and other cybersecurity frameworks.
• Proficiency in security audits, control testing, and compliance management.

Competencies:

• Excellentcommunication and stakeholder managementskills.
• Strong analytical and problem-solving abilities.
• Ability to work independently and manage multiple audit engagements.
• Exposure to multi-client audit engagements in GRC, IT Risk, and Cybersecurity frameworks.