Information Security Consultant
Assurity River Group, a Minneapolis based Information Security consulting firm, is seeking new talent and expertise to assist clients in managing risk. We provide information security and business continuity assessments, planning and program management to keep clients' business assets and operations secure, available and recoverable.
The Information Security Consultant will be responsible for the delivery of information security risk assessments, policy development and related consulting services to clients, primarily in the financial services industry. The candidate will work under the direction of the practice leader and with a team of highly experienced information security professionals, utilizing a proven methodology developed by Assurity River Group based on industry best-practices.
Essential Duties and Responsibilities include, but are not limited to, the following:
- Perform Vulnerability Assessments, Penetration Testing, Regulatory Compliance Assessments, Security Awareness Training, Security Policy Development, and other Information Security Services.
- Engage in all aspects of solution delivery, from client requirements definition, scoping, and proposal writing, to hands on delivery, through creation of deliverable documentation and post-delivery presentations.
- Prepare written reports at the engineering level, manager level, and executive levels.
- Ensure assigned project tasks are completed on time and within budget.
- Contribute to the Information Security Services Practice offerings by researching market trends, products, tools and techniques to maintain and enhance subject matter expertise.
- Build client relationships and identify additional business opportunities during projects.
The requirements listed below are representative of the knowledge, skill, and/or ability required.
- Bachelors degree and/or a combination of education and professional experience
- Minimum 3 years experience in the areas of technology and IT security
- Relevant Industry Certification (CISA, CISM, CISSP, GIAC), or the willingness to obtain within first year of employment
- Advanced knowledge and experience with information security assessment tools and methodologies
- Ability to write detailed technical descriptions in precise, well-structured prose of network architecture, risks, threats, recommendations, etc.
- Ability to convey technical information, verbally and in writing, to senior management and technical audiences
- Must possess solid verbal and written communication skills to effectively identify client needs and to present findings and recommendations
- Knowledge of WAN and internet protocols, routing, switching, firewall, wireless, encryption and VPN Concepts. Ability to read and interpret configuration files to identify threats is a plus
- Understanding of Windows environments including Active Directory, Group Policy Objects, domain authentication, network shares, LAN groups, workstations and best practices for security
- General understanding of specific Windows applications: SQL, IIS, Exchange and the ability to identify security best practices for these applications
- Ability to develop accurate network diagrams from firewall and router configuration files
- Understanding of the strategies and tactics employed by hackers to attack networks
- Able to manage multiple priorities successfully within a deadline-driven environment
- Must be positive and maintain sense of humor
- Possess a strong internal drive and motivation for continuous improvement
Desirable, but not required experience:
- An understanding of one or more of the following regulatory requirements and standards: GLBA, HIPAA, SOX, PCI, ISO-27001
- Business continuity / disaster recovery experience
- Server Virtualization and related security concerns
- VoIP, IP Telephony and related security concerns
- Application Security Assessment experience
- Computer network forensics
