Sr Risk Management Consultant - (3 Days onsite once every quarter)
Posted 2 weeks ago by 1750840692
Negotiable
Outside
Hybrid
USA
Summary: The Senior Information Risk Consultant will provide expert guidance in security engineering and risk management, focusing on cloud services and security configurations. This role requires adapting security baselines to specific environments and conducting research to compile security requirements. The position is primarily remote with occasional onsite work required. It does not involve hands-on technical tasks such as system configuration or building.
Key Responsibilities:
- Provide expertise in security engineering and design.
- Assess and define configuration baselines for Azure cloud services and security platforms.
- Adapt security baselines from CIS, STIG, etc., to the IMF environment.
- Research vendor documentation to compile security requirements when structured information is unavailable.
- Conduct security assurance activities and verification of security controls.
- Ensure compliance with standards such as ISO 27001 and NIST CSF.
- Note that this position will not perform any hands-on work, such as building or configuring systems.
Key Skills:
- Expertise in Azure cloud services and security configurations.
- Knowledge of Microsoft Defender for Cloud and Office 365.
- Familiarity with Azure Network Security and Azure Policy.
- Ability to adapt security baselines from recognized frameworks.
- Research skills for compiling security requirements from credible sources.
- Experience with security assurance skills and standards (ISO 27001, NIST CSF).
- Strong analytical and problem-solving skills.
Salary (Rate): £68.00 hourly
City: undetermined
Country: USA
Working Arrangements: hybrid
IR35 Status: outside IR35
Seniority Level: undetermined
Industry: IT
Sr Information Risk Management
Location : Remote with (3 Days onsite work every quarter)
Pay Rate: $80 - $85/hr W2
Duration: 12 - 24 months contract
Job Description:
Under the general supervision of the Section Chief (Information Security Governance, Risk, Compliance and Data Privacy) the Senior Information Risk Consultant will provide expertise with security engineering, design, definition of configuration baseline, assessment, etc.:
- Azure cloud services
- Microsoft Defender for Cloud
- Microsoft Defender for Office 365
- Azure Network Security
- Azure Policy
- Microsoft Defender External Attack Surface Management
- Security configuration of enterprise cloud platforms like ServiceNow, etc.
- Security configuration of security platforms/ infrastructure (cloud and non-cloud)
- The person should be able to quickly adapt security baselines from CIS, STIG etc. to IMF environment.
- In cases where the information is not available in structured format e.g., CIS, candidate should be able to research vendor documentation and other available credible source of information to compile the security requirements.
- Furthermore, having Security assurance skills e.g., ISO 27001, Periodic assurance activities (Security control verification) , ITcontrols, NIST CSF etc. would be an added advantage.
- It s important to note that this position will not perform any hands-on work e.g., building, configuring systems.