GRC Consultant (QSA) Full-time

at SecureLogic (Anywhere) (Published at 14-11-2017)

Summary of Role

- Undertake PCI DSS audits and assessments.

- Provide strategic information security advisory and consulting services for all clients.

- The role encompasses delivery and management of Professional Services engagements, technical consultation and implementation, and internal strategic initiatives, including managing team members as necessary in line with team roles and responsibilities.

- Scope security engagements and support development of proposals and statements of work, effectively translating customer requirements into an engagement to meet those needs.

- The GRC Consultant role leads and delivers the following compliance type engagements as a minimum:

  • Scoping, design, implementation, and operation of PCI DSS, and related Information Security framework/ standards.
  • Conduct of PCI DSS Gap Analysis or assistance in completion of SAQ process
  • Conduct of Internal Audit (against internal information security policies and procedures, or industry standards) engagement

- Provide pre-sales support to the Sales and Marketing team. This will include as a minimum:

  • Writing of proposals
  • Providing input into proposals written by the Sales and Marketing team
  • Leading and assisting in Tender responses
  • Attending opportunity meetings with Sales and Marketing team for potential clients
  • Attending meetings with current clients for upsell opportunities

- The GRC Consultant role comprises 2 key measurable elements. These are:

  • Delivery of Professional Services engagements (85%)
  • Generation of new business revenue, people management and strategic initiatives (15%).

- Assist sales and participate in generation and development of both inbound and outbound new business opportunities.

- The GRC Consultant role is heavily focused on all facets of Information Security, across all industries. These include:

  • Data Centre IT
  • IT Governance, Risk and Compliance
  • Network and Security Architecture
  • Secure Logic’s Managed Security Services
  • Internal business initiatives

- Manage external relationships from clients, vendors, and business partners at all levels as required.

- Maintain internal relationships with Senior Management, and other business areas as required.

- Manage and lead Professional Services and Delivery engagements as required. This may also include managing engagement teams, deliverables and engagement budget.

- Perform Professional Services and Delivery engagements related as deemed necessary and as directed by Management.

Specific Responsibility

- Manage and deliver Professional Services and Delivery related projects as required. These include:
  • Scoping, design, implementation, and operation of PCI DSS, and related Information Security framework/ standards.
  • Consult with clients at all levels regarding Information Security standards, frameworks, guidelines, and better practice.
  • Undertake risk assessments using industry frameworks such as ISO 31000, ISO 27005.
  • Compliance engagements such as Gap Analysis, Internal Audit, External Audit
  • Manage and deliver vulnerability and penetration testing engagements
  • Conduct security policy and framework reviews
  • Implementation of PCI DSS, ISMS, or client specific information security frameworks
  • Security architecture reviews

- Manage the delivery of the engagement (includes resources, budget, and client deliverables)

- Ensure quality of all deliverables including but not limited to:

  • Client Engagement metrics
  • Client Project Delivery
  • Internal Project Delivery

- Train and mentor junior staff within Professional Services and Delivery teams where required.

- Follow current Professional Services and Delivery processes, and provide input into process improvement as required.

- Create and be accountable for all client proposals, contracts, tenders and panel bids and any further documentation following Secure Logic’s procedure.

- At a minimum maintain a billable utilisation target of 85%.

- Present Secure Logic to potential clients and group through various communication streams.

- Ability to travel a must. Attending trade shows and events will be required.

- Lead generation for new business channel development.

- Keep abreast of current Information Security standards such as:

  • ISO 27001:2013
  • ISO 31000
  • PCI DSS
  • ISO 20000, ITIL
  • NSW Government Information Security policies, standards, and guidelines
  • Federal Government Information Security policies, standards, and guidelines
  • CSA Framework
  • ISACA guidelines
  • Any other local Information Security frameworks and requirements for Government, regulatory, and legislative requirements.

- Manage, supervise and co-ordinate the delivery of consulting or managed service projects.

- Provide assistance in the Professional Services team's group KPI reporting processes

- Track and report on all current and completed projects as required

- Provide internal status reports to Management as required.

Certification Requirement:

  • CISA or ISO 27001
  • CISM /CISSP or SANS Certification
    If already a QSA it will be a Plus point.

Note: Applications have been closed.