Pratum’s team of information security consultants provides IT risk management, information security, and compliance consulting services to clients in a variety of industries. Consultants routinely perform risk assessments, audit systems for compliance, work with IT and business leaders to identify and properly mitigate risks, recommend improvements for administrative, technical and physical controls, help clarify compliance requirements and lead incident response activities. Senior Information Security Consultants at Pratum provide strategic guidance to our clients and serve as the virtual Chief Information Security Officer for multiple organizations. Senior Information Security Consultants are expected to perform the tasks listed below with little to no direct supervision.
- Audit, test, or review IT systems, network or application architecture and business processes for compliance with best practices and/or regulatory requirements.
- Review and recommend technical, administrative and physical controls to mitigate identified risk.
- Perform risk assessments of IT infrastructure and applications and make recommendations for improvements based on the client’s stated risk tolerance levels.
- Develop materials and processes to assist clients with implementing both technical and non-technical controls.
- Develop information security programs and provide strategic guidance to clients while serving as vCISO.
- Provide guidance and training to other Pratum employees.
- Assist with incident response during security events.
- Significant experience as a security consultant, analyst, engineer, system administrator, IT lead, or similar role focused on information security responsibilities.
- Ability to identify and evaluate risk to IT systems and associated business processes and communicate risks to management.
- Demonstrated experience with regulatory/compliance requirements (e.g., PCI, HIPAA/HITRUST, SOX, FISMA) and information security frameworks and controls (e.g., NIST, ISO, CIS).
- Demonstrated experience reviewing and recommending appropriate technical, administrative, and physical controls.
- Demonstrated experience selecting and implementing appropriate risk mitigation strategies to ensure IT systems remain within established risk tolerance levels.
- Ability to develop policies, standards and baseline configurations.
- Strong attention to detail and ability to document findings and convey information.
- Ability to manage project deliverables and deadlines.
- Ability to provide superior customer service via phone and email.
- Ability to clearly communicate with co-workers, management, clients and vendors.
- Maintain a professional appearance and vocabulary.
Professional Certifications (e.g., CISSP, CISM, CISA, GIAC, CEH) desired.