Information Security Advisor

Trustwave Chicago, IL 60602

Posted 2 months ago

About Trustwave

Trustwave is a leading cybersecurity and managed security services provider that helps businesses fight cybercrime, protect data and reduce security risk. Offering a comprehensive portfolio of managed security services, security testing, consulting, technology solutions and cybersecurity education, Trustwave helps businesses embrace digital transformation securely. Trustwave is a Singtel company and the global security arm of Singtel, Optus and NCS, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.

The Information Security Advisor function provides a single point of contact for all security-related activities for designated customer accounts, and takes a key leadership role by providing extensive hands-on guidance in the development and implementation of security policies as related to designated accounts. The role extends further by providing hands-on consultative security expertise to the customer in making and recommending key decisions in the area of security, which may include security architectural work, operational support, and other duties in support of the customer. As it pertains to consultancy, management and focus varies greatly from account to account as there are variable customer and contractual requirements. The Information Security Advisor function possesses a combination of skills including: industry recognized certification (CISSP), general security expertise and project management skills.

Duties:

  • Provide a single point of contact to the account management and delivery teams for all operational security related activities for the customer account. Maintain and oversee relationships for all delivery organizations providing security support.

  • Manage the implementation of the Security Agreement. Proactively drive operational compliance on the account. Provide in-house consultancy on information risk management matters and advise on the implementation of security controls on the account.

  • Oversee the implementation and management of operational security activities, processes and policies as required (e.g. Security Incident Management Process).

  • Track and assist in the management of the resolution of reported operational security issues. Recommend actions, review plans and monitor progress of remedial actions. Manage to resolution security risks identified as a result of reviews and audits, changes in Trustwave or customer environment, changes in operating practices or processes, changes in technology, etc.

  • On a regular basis (recommended at least monthly), meet with the account team to review security status, review any risks, issues, incidents, outstanding activities, current and planned changes.

  • Provide informal security assessments for Trustwave delivered processes or architectures to ensure that contractual requirements for information risk management and security controls are satisfied. Regularly review the delivery environment of the account to identify security risks to Trustwave or the customer.

  • Participate in change control (review and/or approval) activities for changes that may impact the customer's security posture.

  • Serve as a dedicated focal point for managing security or anti-virus incidents that occur in the customer's environment.

  • Provide security-related education to ensure security awareness and knowledge of customer applicable security policies and processes. Answer questions and concerns regarding customer applicable security policies and processes.

  • Ensure that opportunities to improve security are identified. Research new security technologies and practices and recommend additional security services as required.

  • Offer executive-level presentations for the account or client management and proactively keep Trustwave senior leadership abreast of all account concerns.

Skills and Knowledge Requirements:

Must have advanced skills/knowledge in several of the following areas:

  • Information Security Operations

  • PCI DSS Compliance

  • Demonstrated Project Management Engagements

  • Software Development Lifecycle

  • Network security architecture and design

  • Routers and access control devices

  • Unix / Linux operating systems

  • TCP/IP networking

  • Intermediate Knowledge of Common Technologies (SIEM, WAF, IDS, IPS, IVS)

  • ArcSight Security Management Solutions

  • Cisco network security products (ASA)

  • Check Point Firewall security products

  • Internet Security Systems (ISS) security products

  • Juniper / NetScreen security products

  • 3COM / Tipping Point security products

  • McAfee network security products

Desired experience:

  • Trustwave products (SIEM, WAF, IDS, IPS, IVS)

  • Excellent customer service skills

  • Excellent analytical thinking and problem solving skills

  • Strong communication skills

  • Self-managed/directed and team oriented

  • Strong project management skills

  • Deadline and detail oriented

  • Highly self-motivated

  • A second language is also desired: Spanish, Portuguese or French preferred

Required:

  • At least 5 years' experience in Information Security or Networking

  • Certification(s) in Security Sector (CISSP, GIAC, Security+, Cisco, etc.)

Education:

We prefer college-educated applicants, but at minimum, a high school diploma or equivalent is required for employment.

Trustwave is an Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities.

To All Agencies:

Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave's policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave, and in the event a candidate who is submitted outside of this policy is hired, no fee or payment of any kind will be paid.
