What is the general purpose of this position?
CompliancePoint is looking for a talented Associate Security Consultant to join our Security Assurance practice. The individual within this position will have a direct opportunity to deliver consulting, assurance and audit services to our clients, helping them mitigate risk and demonstrate compliance with the applicable framework(s): ISO 27001, SOC 2, PCI DSS, and NIST CSF. Working within the security assurance group at CompliancePoint will provide you the flexibility to learn each of these frameworks and be able to provide immediate impact and value to our clients by understanding their environments and problem-solving their challenges.
Right out of the gate from Day 1, you will be working alongside our Senior Security Consultants, Technical Managers, and Practice Director. You will be provided with hands-on training, mentoring and coaching, and opportunities to lead within the client setting to jump-start your career within information security. After initial training by your own team members, you will be working closely with our current clients and new clients in the future to identify issues, evaluate controls, and find opportunities to improve our clients’ environments. This will include, but is not limited to, data gathering techniques, document reviews, interviews and system tests.
- Have a “Client-First” mentality to ensure that we are meeting and exceeding client objectives and providing a one-of-a-kind positive experience for our clients
- Execute various tasks daily under the oversight of the senior individuals on the team throughout the client projects
- Assess and review compliance posture of clients via evidence review, walkthroughs, and client conversations
- Participate in and lead discussions with clients on various compliance topics.
- Maintain a minimum of 75-85% client chargeable utilization (at least 30-34 hours of billable time) throughout each week (with total time for the week still being a minimum of 40 hours)
- Develop strong technical skills through client engagements and outside trainings and research
- Research changing regulatory issues and compliance changes within the industries that our clients are in
- Conduct and write up consultative deliverables with attention to detail and accuracy, on-time completion and strong quality
- Work on multiple client projects at a time, while prioritizing appropriately based on deliverables and timelines
- Focus on client needs and goals, promptly responding to questions with consultative support and recommendations
- Develop and present on various compliance topics to peers and clients
- Develop professional relationships with clients to maintain a high degree of trust and brand awareness
- Maintain a positive and professional attitude with clients (externally) and with the team (internally)
- This is a hybrid position with the ability to work from home or from the office depending on your preference. You will be required to come into the office periodically based on client projects, to connect with the team, and to ensure on-time delivery to client deadlines. Our business casual office is located in Duluth, GA.
- At least a Bachelor’s Degree in Management Information Systems, Computer Science or Information Security, or similar. (Emphasis on security principles or compliance or cybersecurity is a plus)
Experience and Skill Requirements
- Be a team player and come to work each day with a positive attitude and a willingness to learn
- Responsive in emails and instant messages
- Strong verbal and written communication skills
- Basic understanding of networking technologies and cybersecurity concepts
- Be proficient in Microsoft Products (Excel, Word, PowerPoint, Outlook)
- Follow direction and deliver timely on critical project milestones
- Conduct yourself with professionalism in all interactions with clients/customers and the team.
- Willingness to strive for continuous improvement and take on additional responsibility to help out the team when needed
- Bring a positive “can do” attitude to our team!
- Ideas are always encouraged and embraced!
- Willing to travel at least 20-30%
Other Skills We Are Looking For
- Experience conducting compliance or security assessments within the following areas: PCI, ISO, NIST, and SOC.
- Technical knowledge and understanding of Microsoft Windows
- Technical knowledge and understanding of various Linux distributions
- Cloud security knowledge (Azure, AWS, and Google Cloud)
- Project management experience
- Any of the following certifications:
  - Certified Information Systems Auditor (CISA)
  - Certified Information Security Manager (CISM)
  - Certified Information Systems Security Professional (CISSP)
  - Payment Card Industry Qualified Security Assessor (PCI-QSA)
  - Payment Card Industry Internal Security Assessor (PCI-ISA)
  - ISO 27001 Lead Auditor Certified
We offer a competitive salary with an extensive benefits package, including paid vacation and holidays, medical / dental / vision / supplemental insurance, pet insurance, FSA and HSA with company matching, cell phone and home internet reimbursement, travel reimbursement on client trips, and a 401K plan with company matching.
Our business casual office is located in Duluth, GA, and we conduct fun team events and meals together at least bi-monthly.
A Different Kind of Consulting & Audit Company
The difference is simple — we understand the importance of compliance and risk mitigation at a procedural level. That comes from our history of successful consulting and audit engagements, including those for many Fortune 500 firms and global industry leaders.
But more importantly, we understand the impact non-compliance and risk exposure can have on businesses.
We collaborate with companies to design and implement strategies, processes, and procedures that help mitigate risk, reach compliance goals, protect data assets, and meet industry standards.
“Enable responsible customer interaction”
“Deliver world class services and technology helping customers manage risk within privacy, information security, and their vendor network”
To apply for this position please send an email with a copy of your resume to email@example.com