Senior Cloud Security Risk Analyst

As a Qualified  IT Security & Cyber Risk Management Consultant you will provide assessment and consulting to ECC’s clients. This tele-work position requires travel to client locations globally for interviews and validation of physical and technical controls that are expected to protect customer business continuity, data and information. The work done every day makes a difference in the lives of people around us at work and at play.In this role, you’ll be responsible for:

  • Reviewing and analyzing network diagrams along with configuration of several technologies in use to meet the Industry and regulatory requirements.
  • Review of firewalls, multiple operating systems, malware protection, IDS/IPS and various network monitoring and protection methods.
  • Activities included in conducting interviews, reviewing documents from the clients for compliancy, writing compliance reports, preparing and delivering briefs, and conducting analyses of various processes and programs related to the Data Security Standards.

 

What we’re looking for……You’ll need to have:

  • A Masters degree in Information Systems, Technology, Information Assurance, Information Security or related field.
  • Experience with virtualization technologies and private or public cloud products, like Openstack, AWS, Azure, Google, etc.
  • Eight or more years of relevant work experience.
  • Certified in the areas of CISSP, CISM, CISA
  • Certified ISO 27001, Lead Auditor, Internal Auditor
  • Experience in performing Security assessments.
  • Experience in ISO-2007 requirements and possible validation methodologies.
  • Information Security experience in two of the following: Firewall, Network Admin, Architecture, Engineering, Pen Testing
  • Ability to work independently or in collaboration environments to meet delivery obligations.
  • Strong knowledge of networking (TCP/IP, topology, and security).
  • Ability to provide solutions for technically complex issues and understand their impact in a broad business context.
  • Knowledge of network addressing (both IPv4 and IPv6).
  • Experience with code versioning tools.
  • Familiarity with Linux or other Unix-like systems.
  • Experience with management of scanning security technologies (i.e. Tenable Nessus, Nexpose Rapid7).
  • Knowledge of industry best practices in enterprise-class software development and agile methodology.
  • Strong knowledge about relevant security industry solutions and developments for security technology within scope of infrastructure
  • Excellent oral, written, and interpersonal skills. Ability to present and communicate with superiors and peers.
  • Knowledge of emerging technology, regulations, and security governance.
  • Experience implementing policies, standards, guidelines, frameworks and controls.
  • Experience with best practices and industry standards for protecting information assets.
  • Knowledge of cybersecurity risk management concepts, frameworks, control standards, secure coding principles, and technologies.
  • Ability to develop creative and innovative solutions to complex business issues.