Security Advisor – Control Assessor

About the role

At Soteria, as a Security Advisor you will make an immediate and significant impact on a growing team - protecting an ever-increasing number of clients who need assistance navigating today’s threat landscape. You will need to demonstrate and support the Soteria company culture and values, being authentic, engaged, investigative, and caring. This is accomplished through consulting with clients, collaborating with colleagues, clear, efficient, and timely communications, research on relevant security topics, and supporting team efforts for ongoing process and service improvements. 

This person  will work on complex projects to build relationships with clients, and provide detailed reports with a high level of excellence and care. In addition to the necessary technical acumen, this person must possess a multi-faceted skill set, including experience in project management, requirements gathering and analysis, key resource documentation, key performance indicator development, strategic planning, client relationship management, process improvement, and client-facing communication. 

What you'll do

• Perform control gap assessments to help organizations understand where gaps exist within client security programs.
• Provide project management tasks to ensure assessment delivery is on time and meets the client’s needs. 
• Identify gaps in desired control implements and determine appropriate recommendations for clients based on identified regulatory framework and desired controls.
• Review information system security controls and evaluate efficacy.
• Perform detailed audit-like assessments according to cybersecurity-related frameworks.
• Analyze documentation and evidence provided to verify adherence to prescribed cybersecurity-related frameworks.
• Develop and review policies, procedures, and other related documentation to ensure compliance with control frameworks.
• Write clear and well-structured reporting to detail observations and strategic recommendations, at an appropriate level for the intended audience.
• Identify cybersecurity-related regulatory requirements (e.g., PCI-DSS, HIPAA, CCPA, GDPR, NYDFS) as well as gaps in compliance, and develop strategic plans to achieve and maintain compliance.
• Work closely with clients and the Soteria team to develop remediation plans to ensure clients achieve their desired outcomes.
• Document and present findings and recommendations to clients, including C-Suite and board-level executives, in a professional manner.
• Support project team with quality assurance review of deliverables. 
• Maintain relationships with clients post-assessment in order to assist and advise as they continue to build and improve their security.
• Maintain competence in security trends, technologies, and practices through self-study and attendance of industry events.
• Conduct interviews with clients and the Soteria team to evaluate a client’s IT environment and security practices.
• Assess and research common business platforms and technologies to deliver recommendations for secure configurations.
• Maintain integrity and confidentiality for sensitive client information.

Qualifications

• 5+ years of industry experience with an understanding of the cybersecurity space
• 2+ years of experience in a cybersecurity consulting role; specifically conducting IT audits or assessments
• Familiarity with cybersecurity frameworks such as NIST CSF, CMMC,  ISO 27001, and CIS Controls
• Relevant certifications such as CISSP, CISM, CISA, etc.
• Strong knowledge of Microsoft Suite, Advanced Excel skills a plus

Candidates must be legally authorized to work full time within the United States and able to pass a background check. Some candidates may require more extensive background checks based on the project. Soteria is an Equal Opportunity Employer. Soteria does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.