Sr. Security Consultant - Programs Strategy & Risk

As a digital and cybersecurity services company, Stratascale exists to help the Fortune 1000 transform the way they use technology to advance the business, generate revenue, and respond quickly to market demands. We call it Digital Agility.

To learn more about how we’re shaping the future of digital business and a more secure world, visit stratascale.com.

Include, but not limited to:

• Work closely with clients to understand their needs and develop tailored strategies and solutions.
• Conduct comprehensive risk assessments to identify potential vulnerabilities and recommend appropriate mitigation strategies.
• Ensure that clients adhere to relevant regulations and standards, such as GDPR, SOX, HIPAA, and others specific to their industry.
• Design and implement GRC frameworks and policies that support organizational objectives and regulatory requirements.
• Assist clients in preparing for audits, including the development of necessary documentation and processes.
• Develop and deliver training programs to enhance understanding and practices.
• Identify opportunities for process improvements and innovation within client programs.
• Deliver, facilitate, and proctor in-person workshops and remote webinars.
• Collaborate on the creation of security standards and organizational policies.
• Configure and manage workflows, risk registers, exceptions management processes, reports, and notification within GRC platforms.
• Create and/or customize training content and deliverables.
• Assist with vendor due-diligence processes and help define overall third-party risk management efforts.
• Stay abreast of industry trends and emerging risks and provide insights and recommendations to clients and internal teams.
• Lead and manage multiple projects simultaneously, ensuring timely delivery and quality outcomes.

• Bachelor’s degree in Information Technology, Business Administration, Risk Management, or a related field. A Master's degree is preferred.
• A minimum of 10 years of experience in GRC, risk management, or a related field.
• Proven track record of successfully implementing GRC frameworks and solutions in a consulting capacity.
• Proficiency with security frameworks such as NIST RMF, NIST CSF, COBIT, ISO 27001/27002.
• Experience in managing complex client engagements and building strong client relationships.
• Practical experience with one or more Security Awareness Training (SAT) platforms such as Immersive Labs, KnowBe4, and Ninjio.
• Experience with one or more of the following: TruOps, Prevalent, ServiceNow GRC, Archer, Microsoft Compliance Manager and Microsoft Purview, and/or other relevant GRC, Privacy, and/or Risk Management technologies.

• Excellent analytical and problem-solving skills with a strategic mindset.
• Strong communication and interpersonal skills, with the ability to convey complex concepts to diverse audiences.
• Ability to work independently and as part of a team.
• Strong project management skills with the ability to handle multiple priorities.
• Ability to develop training programs, curricula, and cybersecurity training content.
• Capable of creating security standards and guidelines based on industry best practices.
• Experience with legal and regulatory compliance standards such as NYDFS Cybersecurity Regulation, GDPR, HIPAA, and PCI.
• Experience leading client meetings, defining business requirements, and communicating strategic value for a diverse set of initiatives.
• Experience with IT governance, risk, and compliance management in a complex global environment.
• Proficiency in GRC tools and software platforms.
• Ability to develop security standards and guidelines based on best practices and industry standards.
• Team player with strong work ethic with attention to detail.
• Excellent written, verbal, and consultative skills (e.g., professionalism, collaboration, negotiation, conflict resolution, quick learner, etc.).

• Preferred Certifications include:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified in Risk and Information Systems Control (CRISC)
• Other relevant GRC certifications are advantageous.

• Attend virtual client meetings when appropriate.
• Travel to client sites, partner sites, conferences, and Stratascale offices up to 25% annually.

• The estimated annual pay range for this position is $165,000 - $205,000 which includes a base salary and bonus. The compensation for this position is dependent on job-related knowledge, skills, experience, and market location and, therefore, will vary from individual to individual. Benefits may include, but are not limited to, medical, vision, dental, 401K, and flexible spending.
• Equal Employment Opportunity – M/F/Disability/Protected Veteran Status