Focal Point Data Risk, a CDW Company, delivers a unified approach to addressing data risk through a unique combination of consulting service offerings. Focal Point has brought together industry-leading expertise in cyber security, identity governance and access management, data privacy and analytics, internal audit, and hands-on training services, giving companies everything they need to plan and develop effective risk and security programs. By integrating these services, we provide our clients with the flexible support they need to protect and leverage data across any part of their organization. Simply put, CDW-Focal Point is the next generation of risk management.
The security industry is rapidly developing, and innovation is constant. We pride ourselves on staying ahead of the curve in delivering in-demand and creative solutions to our clients. The Cyber Security Sr. Consultant is responsible for performing engagements related to a variety of assessments and other cybersecurity projects. Sr. Consultants must understand cybersecurity frameworks and regulations, be able to interface directly with clients to participate in successful and positive engagements, and have the capacity to work with other team members and project leaders. The Sr. Consultant is an integral part of the delivery team and is responsible for note taking, creating draft deliverables, building relationships with client contacts, and providing support and consulting during engagements.
What you will get to do:
- Performing cybersecurity control assessments in a wide variety of business environments, including:
  - NIST Cybersecurity Framework (CSF)
  - HIPAA Security Rule
  - Cloud Security Controls
- Understanding of Business Impact Analyses (BIAs) along with development of business continuity and disaster recovery plans (BCPs and DRPs)
- Understanding of data protection, classification, and management controls
- Understanding of cybersecurity policies and procedures
- Providing trusted advisory services and guidance to clients that will reduce organizational risk and improve their overall security posture
- Preparing and reviewing reports and other deliverables that contain strategy, technical analysis, and findings in connection with our advisory and assessment engagements and communicating those results to client management
- Completion of engagements on time and within budget
- Assisting with business development activities, as a subject matter expert, including proposal development, sales calls, and supporting the creation of proposals and statements of work for future engagements
What you’ll need to succeed:
- 2+ years of relevant experience in the field(s) of IT Audit, Consulting, and/or Security, Privacy or Risk Management.
- Previous experience in a Big4 consulting and/or other consulting firm preferable.
- Understanding of or experience with industry and regulatory frameworks and standards, including but not limited to: PCI DSS, NIST SP 800-30, NIST CSF, ISO 27000 series, Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM), Center for Internet Security (CIS) Top 20 Critical Security Controls (CSC), HIPAA Security Rule and HITECH Act, and information security requirements of Generally Accepted Privacy Principles (GAPP)
- Understanding and/or experience assessing firewalls, server operating systems, security tools (e.g., anti-virus, intrusion detection/prevention systems), and cryptography
- Understanding of network, database, and application-level security
- Advanced written and verbal communication skills
- Interpersonal skills and the ability to foster close professional relationships with clients
- Project management skills and the ability to participate on multiple projects and teams in parallel
- Analytical skills and the ability to understand complex client business processes
- An understanding of the importance of business ethics
- Qualities such as professionalism, attention to detail, strong organizational skills, team-focus, dedication, resourcefulness, and an eagerness to learn
- Strong proficiency with Microsoft Windows, macOS, and the Microsoft Office suite of products (i.e., Word, Excel, Visio, PowerPoint)
- Bachelor’s degree in Management Information Systems, Computer Information Systems, Computer Science, Engineering or a related field
- Obtained or working towards Certified Information Systems Security Professional (CISSP) certification. (Candidates that do not yet possess the CISSP will be required to obtain the certification after hire.)
- CISA, CIPP, CISM, PCI-QSA, CCSP, or related certifications are a plus.
Travel and Location:
- Ability to travel up to 40%
CDW is committed to maintaining a workplace that is free of known hazards and to ensuring the safety, health, and well-being of coworkers and candidates for employment and their families, as well as the community.
CDW requires all coworkers be fully vaccinated against COVID-19, with the only exceptions being a documented, legally required medical or religious accommodation. Prior to starting with CDW, successful candidates will be required to: (i) be fully vaccinated against COVID-19 and provide CDW with proof of full vaccination; or (ii) apply for and receive a medical or religious-based accommodation to be exempt from the mandatory vaccination policy.