Principal Advisory Consultant IRC286599

Description

We are looking for a Principal Auditor. 

You will lead a variety of GRC framework engagements (such as environment scoping, gap analysis, training workshops, policy and procedure development) for framework compliance. Assessing the security and compliance of client firms against regulatory and industry requirements and standards, and against security best practice frameworks, Principal Consultants are considered a Compliance Advisory subject matter expert (SME), and are a lead role in advising clients in cybersecurity program transformation activities. This role will have a strong understanding of cybersecurity frameworks (program, risk, and controls) and advisory services necessary for a successful audit against those frameworks. The Principal Consultant will lead interviews with client staff, analyze documents, and develop reports for clients. They will also provide quality control and peer review to other members of the delivery staff. They will work closely with Project Managers, Directors and other Delivery team members to effectively manage project timelines and deliverables.

The Principal Consultant (SME) is expected to leverage their technical and business experience across three (3) domains, including:
– Partner with clients to evaluate the security posture of their complex systems and to ensure alignment with regulatory compliance and effective risk management strategies. Serve as a trusted advisor by delivering actionable, best-practice recommendations to address security gaps and mitigate vulnerabilities. Collaborate with stakeholders across organizations to foster trust and promote a proactive culture of security improvements to achieve long-term security objectives.
– Mentor and develop team members to help grow the team and its capabilities
– Engage outwardly into the community through blog posts, technical white papers, forum participation and conference speaking engagements. Engage inwardly to support business and practice growth by developing Sales/Marketing collateral, innovating delivery methodologies and tools, train/mentor colleagues and serve as the SME for all topics related to your technical or compliance area of expertise

Requirements

Essential:

– Strong verbal and written communications skills are a must, as well as the ability to work effectively across internal and external organizations and virtual teams.
– Exceptional interpersonal and communication skills and an executive presence – comfortable talking with CIOs, CTOs and CISOs about complex security issues.
– Ability to think strategically about business, product, and technical challenges.
– Strong initiative.

– 7+ years of experience in an IT security audit, assessment, compliance, risk management, or data privacy role.

– A strong work ethic, thirst for knowledge, enthusiasm for tacking new challenges, and a “we, not I” mentality when it comes to teamwork and the achievement of organizational goals.
– Knowledge of the latest information risk, security and compliance innovations, trends, challenges and solutions to provide best-practice recommendations.
– Experience in leveraging security best practices and/or standards (NIST, ISO, CIS Top 20, ISSA, CSA CMMC) to solve problems for GRC programs.
– Demonstrated depth of security understanding in various sub domains such as encryption, business continuity, disaster recovery, identity and access management, incident response, change management, etc.
– Problem solving skills that contribute to the development of consultative solutions for unique client requirements.
– Experience building common compliance frameworks as well as mapping between different compliance requirements.
– Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience.
– Proven ability in strategic consulting and influencing executive level decision makers both internally and externally.
– Experience leading discussions on the relationship between security, risk management, compliance, and sales/marketing.
– 3+ years of experience working with ISO/IEC 27001:2022 and/or System and Organization Controls (SOC) 2
– 7+ years of experience working with two or more of the following:
  °  ISO/IEC 27001:2022
  °  ISO/IEC 27701:2019
  °  ISO 22301:2019
  °  ISO/IEC 42001:2023
  °  ISO 9001:2015
  ° System and Organization Controls (SOC) 2
  ° National Institute of Standards and Technology (NIST) frameworks (800 series)
  ° CCSP
  ° HITRUST CSF
  ° Health Insurance Portability and Accountability Act (HIPAA)
  ° Centers for Medicare & Medicaid Services (CMS) Minimum Acceptable Risk Standards for Exchange (MARS-E) or Acceptable Risk Controls for ACA, Medicaid, and Partner Entities (ARC-AMPE)
– One or more of the following certifications:
  ° ISO: ISO/IEC 27001, ISO/IEC 27701:2019, ISO/IEC 42001:2023, and/or ISO 22301:2019 Lead Auditor/Implementer
  ° HITRUST Certified CSF Practitioner (CCSFP)
  ° CISM
  ° CISA

  ° CIPP/US
  ° CISSP

 

 

 

 

Job responsibilities

ESSENTIAL RESPONSIBILITIES:

– Work with industry and standards bodies to provide information security technical and non-technical expertise.
– Work with other teams within the client to drive customer success.
– Scope and lead on-site engagements with clients. This includes leading pre-sales calls, onsite visits, understanding customer security and compliance requirements and environments, and proposing and delivering packaged offerings or custom solution engagements.
– Develop technical content, such as security plans, procedures, policies, and white papers that can be used by our clients to assist them in elevating/building out their security and compliance programs.
– Lead delivery engagements including on-site projects working with clients to build out compliance roadmaps, architecture guidance, gap assessments, etc.
– Collaborate with engineering, support and business teams to convey partner and customer feedback.
– Serve as the practice subject matter expert (SME) for escalations, sales/marketing support, driving practice profitability and revenue.
– Provide Delivery Team Support, including: identifying process improvements, training Delivery personnel on methodologies/tools and quality topics, and mentoring Delivery personnel.
– Development of industry-wide service line thought leadership through:
    ° Authoring: methodologies, templates, white papers, work instructions, guidelines, forms, and tools
    ° Developing and delivering industry specific training, including speaking/presenting at conferences, creating webinars
– Ensure continuous professional development by maintaining industry specific certifications.
– Maintain strong depth of knowledge in the practice area including being able to provide technical recommendations for clients to mitigate risks and implement controls in-line with framework requirements
– Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.
– Establish account relationships and identifies upsell and cross sell opportunities and escalates to sales

What we offer

Culture of caring. At GlobalLogic, we prioritize a culture of caring. Across every region and department, at every level, we consistently put people first. From day one, you’ll experience an inclusive culture of acceptance and belonging, where you’ll have the chance to build meaningful connections with collaborative teammates, supportive managers, and compassionate leaders. 

Learning and development. We are committed to your continuous learning and development. You’ll learn and grow daily in an environment with many opportunities to try new things, sharpen your skills, and advance your career at GlobalLogic. With our Career Navigator tool as just one example, GlobalLogic offers a rich array of programs, training curricula, and hands-on opportunities to grow personally and professionally.

Interesting & meaningful work. GlobalLogic is known for engineering impact for and with clients around the world. As part of our team, you’ll have the chance to work on projects that matter. Each is a unique opportunity to engage your curiosity and creative problem-solving skills as you help clients reimagine what’s possible and bring new solutions to market. In the process, you’ll have the privilege of working on some of the most cutting-edge and impactful solutions shaping the world today.

Balance and flexibility. We believe in the importance of balance and flexibility. With many functional career areas, roles, and work arrangements, you can explore ways of achieving the perfect balance between your work and life. Your life extends beyond the office, and we always do our best to help you integrate and balance the best of work and life, having fun along the way!

High-trust organization. We are a high-trust organization where integrity is key. By joining GlobalLogic, you’re placing your trust in a safe, reliable, and ethical global company. Integrity and trust are a cornerstone of our value proposition to our employees and clients. You will find truthfulness, candor, and integrity in everything we do.

About GlobalLogic

GlobalLogic, a Hitachi Group Company, is a trusted digital engineering partner to the world’s largest and most forward-thinking companies. Since 2000, we’ve been at the forefront of the digital revolution – helping create some of the most innovative and widely used digital products and experiences. Today we continue to collaborate with clients in transforming businesses and redefining industries through intelligent products, platforms, and services.