CBIZ
Information Security Senior Consultant (Remote)
CBIZ, Philadelphia, Pennsylvania, 19117
Reference: 17823
Status Category: Full-Time
Exempt/Non-Exempt: Exempt
Scheduled Hours Per Week: 40
Job Code: FS205RA

CBIZ Risk & Advisory Services offers consulting, outsourcing and co-sourcing services to public and private companies of all sizes by providing national caliber expertise combined with highly personalized service. As part of CBIZ (NYSE: CBZ), one of the top financial services providers in the country, CBIZ Risk & Advisory Services provides internal audit, Sarbanes-Oxley compliance, cybersecurity, supply chain management, ESG and risk consulting services to leading businesses across North America.

With over 120 offices and nearly 7,000 associates throughout the U.S., CBIZ (NYSE: CBZ) delivers top-level financial and employee business services to organizations of all sizes, as well as individual clients, by providing national-caliber expertise combined with highly personalized service delivered at the local level.

CBIZ is honored to be the recipient of several national recognitions for 2023:
Best and Brightest Companies to Work for in the Nation
Top Workplaces USA
Top Workplaces - Financial Services Industry
Best and Brightest Companies in Wellness
Great Place to Work Certification

Together, CBIZ and CBIZ CPAs are ranked as one of the top providers of accounting services in the United States. CBIZ CPAs is an independent CPA firm that provides audit, review and attest services, while CBIZ provides business consulting, tax and financial services. In certain jurisdictions, CBIZ CPAs operates under its previous name, Mayer Hoffman McCann P.C.

As an Information Security Senior Consultant, you will be an influential member of our Cybersecurity consulting practice. You will have the opportunity to work on a range of cybersecurity advisory projects.
As an experienced cybersecurity professional, you will develop superior relationships with the leadership and personnel of our client organizations to directly impact their success by delivering high quality services. You will have the opportunity to work with some of the most entrepreneurial companies in the nation - the fast-growing, innovative companies that are the backbone of business across America. You have the opportunity to develop a deep understanding of your client's business, goals and needs, and increase your functional expertise.

CBIZ has a growing Risk and Advisory Services National Cybersecurity Practice. With the recent acquisition of two firms that employed cybersecurity consultants, the team has come together as the "OneCyber" practice and includes a large client base and many areas of cybersecurity focus. CBIZ is looking for consultants who want to help our clients get better by reducing risk. We do this through a multitude of engagements, ranging from hands-on implementation assistance to cybersecurity reviews, risk assessments, audit and security assessments. CBIZ utilizes industry standard frameworks (e.g., NIST CSF, ISO 27001, CMMC, HIPAA, CIS CSC) and other best in class technologies to assess our clients' environments.

The Information Security Senior Consultant will contribute to client projects and project teams to provide professional services to the firm's clients. Duties will include involvement in a variety of cybersecurity projects such as infrastructure, cloud and security tools analysis, architectural design, and risk management. Activities will include documentation and analysis of client technical environments, development of security policies and procedures, onsite and remote reviews of technology architecture, including operations technology systems such as SCADA/ICS, and communicating findings and recommendations to clients both in writing and verbally.
This individual will demonstrate technical and professional knowledge of cybersecurity practices. He or she will play an active role in developing and coaching less experienced team members, providing guidance and timely feedback.

Essential Functions and Primary Duties
Perform security assessment and compliance activities using NIST, CSC, ISO and other related frameworks.
Perform security architecture review (SAR) to ensure design best practices and standards are met.
Create workpapers and reports accurately portraying client evidence.
Engage with client projects for a variety of clients and industries, consistently delivering quality client services within expected timeframes and on budget.
Work with a sense of urgency and the ability to shift focus as needed throughout the day.
Identify, evaluate, and effectively communicate significant exposures to security risks, breakdowns in controls, and other related concerns.
Communicate findings in writing to both technical and non-technical audiences.
Successfully balance multiple projects at once, regularly communicating status and issues to CBIZ management and Managing Directors.
Support the research of emerging technology, requisite security requirements, and emerging threats, and develop a way forward to meet organizational goals.
Research security standards, security systems and authentication protocols, and keep abreast of the latest trends in the cybersecurity industry.
Understand effective information technology processes, including best practices and internal control approaches.
Interact with and effectively communicate with clients or other third parties as necessary.
Manage conflict with clients and/or team members in a professional, confident manner.
Develop relationships with team members across the firm to better serve client needs.
Assist the firm through participating in training, company-wide projects, and human resource initiatives.
Accurately represent and record project time and expenses.
Travel is estimated to be less than 20-25%.

Preferred Qualifications
Minimum of 3 years of hands-on experience in a technology or cybersecurity-based industry.
A Bachelor's degree in a technology or business field or equivalent work experience.
Experience in a client-facing role.
A relevant professional certification such as Network, Security, CCNP, CISSP, CISA, CISM, Microsoft MCSE, Azure, and/or other technical certifications is a must.
Strong knowledge of and hands-on experience with various security architectures (Zero Trust Architecture) and infrastructure technologies required.
Hands-on configuration experience with networking technologies such as: next generation firewalls, switches, routers, and wireless controllers with working knowledge of TCP/IP addressing and protocols, ACLs, routing, VLANs, segmentation.
Hands-on experience with vulnerability scanning tools (e.g., Qualys) a plus.
Functional knowledge and administrative experience with PC, server, virtualization, and storage systems.
Knowledgeable in technologies such as: Active Directory, Federation, Multifactor Authentication, SSO, IDS, IPS, Host Based Firewalls, WAF (Web Application Firewall), DNS, DHCP, HTTPS/TLS, SSH, SMTP, Syslog, Key Management, PKI, Tokens, SAML, OAUTH.
Security experience with cloud-based technologies such as Microsoft 365, Azure, AWS.
Understanding of cryptographic trust-based systems a plus.
Functional knowledge of identity, authentication and authorization systems.
Basic understanding of database security.
Knowledgeable in compliance standards like: HIPAA, CMMC, PCI, CCPA, Subscriber PII, GDPR preferred.
Experience with SIEM technologies preferred.
Experience with industrial control systems or IoT technologies is a plus.
Proficient at the secure software development life cycle and DevSecOps is a plus.
Coding exper