The Client seeks a skilled and experienced Security Consultant to enhance and maintain its robust security infrastructure. The ideal candidate will be responsible for assessing, planning, and implementing security measures to protect the university's digital assets, facilities, and sensitive information. This role will work collaboratively with various departments to identify vulnerabilities, ensure compliance with applicable standards, and educate staff on security best practices.
Key Responsibilities
Risk Assessment and Analysis
Perform security risk assessments across IT systems, physical infrastructure, and operational workflows.
Identify vulnerabilities and recommend appropriate remediation measures.
Develop risk mitigation plans aligned with the Client's goals and compliance requirements.
Security Strategy and Implementation
Design and implement robust security protocols and systems to protect university assets.
Oversee the deployment of security technologies, such as firewalls, intrusion detection systems, and data encryption tools.
Coordinate with IT teams to ensure the security of networks and cloud infrastructure.
Compliance and Governance
Ensure compliance with federal, state, and university-specific regulations, including FERPA, HIPAA, and PCI DSS.
Develop and maintain security policies, procedures, and standards.
Prepare and submit audit reports and documentation for internal and external stakeholders.
Incident Response and Management
Lead investigations into security breaches or other incidents.
Develop and execute incident response plans, minimizing potential impacts.
Collaborate with law enforcement and external agencies when required.
Training and Awareness
Conduct security awareness training
Provide guidance on secure practices, including data protection, password management, and phishing prevention.
Qualifications
Required Education and Experience:
Bachelor's degree in Cybersecurity, Information Technology, or a related field (Master's preferred).
Minimum of 5 years of experience in information security, risk management, or related roles.
Technical Skills:
Proficiency in security frameworks like NIST, ISO 27001, or CIS.
Experience with security tools such as SIEM, firewalls, endpoint protection, and vulnerability scanners.
Knowledge of cloud security best practices for platforms like AWS, Azure, or Google Cloud.
Certifications (Preferred):
Certified Information Systems Security Professional (CISSP).
Certified Information Security Manager (CISM).
Certified Ethical Hacker (CEH).
GIAC Security Essentials (GSEC).
Soft Skills:
Strong analytical and problem-solving abilities.
Excellent communication and presentation skills.
Proven ability to work collaboratively with cross-functional teams.