Information Security Consultant Job Description
Information security consultant
provides guidance on building and/or maturing information security programs, detecting and responding to computer security incidents, and implementation of tools and technologies used for enterprise security.
Information Security Consultant Duties & Responsibilities
To write an effective information security consultant job description, begin by listing detailed duties, responsibilities and expectations. We have included information security consultant job description templates that you can modify and use.
Sample responsibilities for this position include:
Provide consulting services to Project teams and their Business units to assist in their security design in order to identify potential risks
Participation in Security Reviews, Walkthroughs, Privacy Assessments, and Risk Assessments
Preparation of Security Risk Assessments
Participation in the Security Exemption approval process
Track and archive application security documents
Educate key organizational stakeholders on application security matters and impacts on the organization
Facilitate Client DD and RFP
Facilitate client calls/meetings
Represent the ISO on various division wide committees
Participant in Risk management Forums
Information Security Consultant Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Security Consultant
List any licenses or certifications required by the position: CISSP, CISA, CISM, ISO, ITIL, PCI, SANS, QSA, GIAC, CEH
Education for Information Security Consultant
Typically a job would require a certain level of education.
Employers hiring for the information security consultant job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and University Degree in Computer Science, Information Security, Information Technology, Engineering, Technical, Information Systems, Education, Business, Technology, Graduate
Skills for Information Security Consultant
Desired skills for information security consultant include:
Tools and technologies used for enterprise security
Incident response
Areas of security operations
Computer forensics
Malware analysis
Security event analysis
Tools used in penetration testing
Analyzing
Collecting
Network and endpoint architecture
Desired experience for information security consultant includes:
Fundamental concepts of administrative, technical, and physical controls (e.g., access control, change control, technical baselines, anti-virus)
Ability to establish and maintain relationships with individuals at all levels, across country units, in both IT and the business
Demonstrated ability to lead individuals who are not in a direct reporting relationship
Knowledgeable about information security trends and practices, and emerging technology
Ability to assess business needs and plans technology capabilities, and provide solutions in the context of organizational and cultural needs
Ability to present complex topics clearly and effectively to diverse audiences orally and in writing
Information Security Consultant Examples
1
Information Security Consultant Job Description
Job Description Example
Our company is growing rapidly and is searching for experienced candidates for the position of information security consultant. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for information security consultant
- Understand how to conduct a security incident response/investigation and other investigations including forensic and data collections
- Conduct security incident response/investigations and forensic and data collection services as needed as a back up to primary team members performing this service
- Works to identify areas of risk and/or inefficiencies develop and recommend "best practices" and implement solutions
- Assists in development of current and proposed workflows for key business office functions and associated projects and new processes that are being implemented including requirements definition, business analysis documents, and standard operating procedures
- Creates management reporting Funds flow, lost business, requisition reporting, division dashboard, with an eye towards enhancing, streamlining and reducing level of effort required to generate reports
- Create security documentation including requirements definitions, risk assessments, high level and detailed design documents and risk and recommendation documentation
- Lead security design efforts on projects and guide and collaborate with other members of the security team
- Host and conduct presentations to the security group, CIT and business users as required
- Develop a strong working relationship with the security and network engineering teams and the Information Security Office to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements
- Lead a team of Information Security Consultants to provide subject matter expertise to project teams
Qualifications for information security consultant
- CISA/CISSP/SSCP/OSCP/CEH/SANS/Cisco/MSFT - not essential
- Maintain specialist knowledge of security niches and contribute to expert discussions and/or working groups, PCI, cryptography, API’s, software defined networks, web development
- Develop and maintain working relationships with key influencers
- Be sufficiently organized to track and report the state of multiple projects that use different project processes
- Ensuring technology solutions are developed in line with our Enterprise Security Architecture framework and adhere to Information Security policies, standards and patterns
- Knowledge of Java programming, application design and common security issues
2
Information Security Consultant Job Description
Job Description Example
Our company is growing rapidly and is searching for experienced candidates for the position of information security consultant. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for information security consultant
- Ensure compliance with regulations and privacy laws
- Ensure that the organization's information security policies and procedures are adhered to
- Work with 3rd Parties and the Business to remediate findings associated with 3rd party risk assessments
- Monitors compliance with the organization's security policies and procedures among employees, contractors, vendors and other third parties and takes corrective action
- Conduct both technical and non-technical internal audits and risk assessments in accordance with ISO 27001/2 and other appropriate standards such as HMG standards and PCI DSS
- Responsible for ensuring that all information security audit findings are appropriately addressed
- Coordinate and support scheduled audits by external auditors
- Maintain appropriate risk registers, remediation measures and corrective action plans
- Act as the information security subject matter expert in relation to bids, programmes, projects, and business or technical changes
- Develop relationships with clients and other CCM functions
Qualifications for information security consultant
- Experience interacting with senior executives (or highly valued clients) on a daily basis
- CISM, CRISC, CISSP, SSCP or similar certification a plus
- Write and speak well
- You are able to work well under minimal supervision
- You are a demonstrated leader with team-oriented interpersonal skills and the ability to interface effectively with a broad range of people and roles, including upper management, IT leaders, and technology vendors
- You maintain calmness and clarity of thought under pressure and ability to maintain confidentiality
3
Information Security Consultant Job Description
Job Description Example
Our company is growing rapidly and is looking to fill the role of information security consultant. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for information security consultant
- Understand, document and keep current all data sources, meta data and log data requirements for the I & R team including business areas involved
- Understand, document and keep current all data sources, meta data and log data requirements available and potentially available from IT services
- Understand how IT services are connected in order to follow data source flow
- Build strong relationships with the business areas and other Information Security team members engaged in the Detect and Respond activities
- Test and assess new and proposed upgrades to IT services for data source, meta data and log data consistency for use
- Identify potential new data sources, meta data and log data sources for use
- Collaborate with IT infrastructure, other IT teams, the business areas involved third party suppliers to create and implement transition plans for changes to data sources, meta data and log data changes and/or additions
- Uses business knowledge to assist with all aspects of responding to Customer Information Security Risk Assessment inquiries (including working directly with customers)
- Contributes to horizontal and enterprise business strategy development by bringing forth impacts and opportunities associated with available and emerging technologies
- Shares security knowledge and expertise in multiple cross-organizational enterprise forums
Qualifications for information security consultant
- Experience of PCI-DSS assessment and control implementation
- In-depth understanding of network and system security technology and practices across all major-computing areas (Network, Firewalls, Client Server, PC/LAN, telephony) with a special emphasis on Cyber Security
- Experience in defining and deploying risk management frameworks
- Experience on ISO 27001 Information Security Management system, and conducting Risk Assessments
- Cyber Security assessments, implementation or cyber frameworks
- Desirable - Security certifications such as CISA, CISSP, CISM and CRISC
4
Information Security Consultant Job Description
Job Description Example
Our company is looking for an information security consultant. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for information security consultant
- Test final security structures to ensure they behave as expected
- Knowledge of Security Safeguards and principles
- Experience with conducting, documenting and reporting on Risk assessments/audits
- Experience in Information Security/Internal Audit related to IT controls and project management
- Info Security or Risk Management designations an asset
- Persistence and demonstrates tenacity and willingness to go the distance to get something done
- Drive research innovation and assist in conceptualizing and developing automated solutions for continuous monitoring of malicious activity
- Manage an assigned load of clients
- Perform threat modeling to contextualize data in order to provide customers with a greater understanding of current threats
- Correlate emerging threats (news events) with actual client exposures and risks
Qualifications for information security consultant
- Ability to work effectively within an environment where documentation and quality are essential (regulated environment and defensible processes and actions)
- Certified Cyber Forensics Professional (CCFP)
- Investigation support use case knowledge including evidence handling
- Experience in working in business facing related roles
- Working knowledge of IT forensic methods including mobile forensics
- Working knowledge of network & systems management
5
Information Security Consultant Job Description
Job Description Example
Our innovative and growing company is looking to fill the role of information security consultant. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for information security consultant
- Leading and simplifying access reviews for security events
- Perform a gap analysis of the client's current PCI environment
- Review and proposes recommended solutions that meet business requirements
- Client is a high-profile government agency that deals with highly sensitive data
- Create risk assessment documentation to outline mitigation plans and residual risk for acceptance by the business
- Carry out onsite supplier assurance visits to ensure supplier controls have been implemented and are operating effectively and in accordance with contractual obligations throughout relationship lifecycle
- Participate in activities pertaining to service reviews, metrics gathering and reporting, voice of the Process, voice of the customer, root cause analysis, remediation, reporting, and continuous improvement
- Strong decision-making capabilities, with a call-to-action focus
- Guides on detailed, comprehensive investigation of security issues, to review security log data, interpret data in support of security event management process from various data feeds and triage on a wide variety of security events
- Assesses and disseminates threats related to the enterprise in regard to current vulnerability by managing and developing an emerging threat model
Qualifications for information security consultant
- Lead business unit security program activities such as conducting/facilitating application security assessments, and providing application security consulting services to IT and other relevant partners and clients
- Minimum of seven plus years of progressive experience in information security/information risk management
- Professional certification (or current enrollment in program) for information security – CISSP, CISA, CRISC or similar credentials
- Supporting Cyber and Physical intelligence on a global-level by monitoring business systems for anomalies and threats that require further investigation
- Providing support to senior leadership working on information security and cyber intelligence issues
- Assess sufficiency of corporate policies and procedures for control of customer information risks and drive improvements, as necessary