- Bachelor’s degree in Information Security, Information Technology,
- Information Systems Management, Computer Science, Engineering or related field(s) or equivalent demonstrated work experience.
- 6-10 years of IT experience that includes at least 5+ years of Incident
- Response, Digital Forensics and/or SOC experience.
- Experience leading a team
- Windows-based platforms, application and TCP/IP network security technologies
- Information security concepts, principles and components of a comprehensive information security program
- Control frameworks and control objectives
- The Senior Information Security Consultant – Incident response/Digital forensics leads first line of defense IT Security services, consultation, leadership and subject matter expertise to SC businesses and functions on Information Security related matters.
- They review, design and develop security operational processes, standards, and procedures utilizing current and new technologies to improve security controls and business performance.
- The Senior Consultant leads strategic information security direction that is aligned with corporate business objectives and regulatory requirements.
- Information Security Risk Management - Matures information security risk management processes, program and strategy.
- Aligns information security activities with PCI, SOX, and GLBA regulatory requirements and internal governing enterprise risk management policies. Identifies security gaps and deficiencies by conducting risk assessments; recommend corrective action of identified vulnerabilities and weaknesses. Leads the planning, testing, tracking, remediation, and risk acceptance for identified security risks.
- Oversees the creation and publication of internal controls.
- Ensures requisite compliance monitoring is in place to identify control weaknesses, compliance breaches and operational loss events.
- Ensures adequate compliance resources and training, fostering a risk and compliance focused culture and optimizing relations with corporate compliance members and regulators.
- Incident Response - Leads security incident response activities and post-event reviews of security incidents.
- Ensures the clear and professional documentation of root cause and risk analysis of all findings. Reviews and leads action plans for issue resolution.
- Leads investigation and reports contribution of security threats and incidents.