IT Security Consultant Job Description
IT Security Consultant Duties & Responsibilities
To write an effective IT security consultant job description, begin by listing detailed duties, responsibilities and expectations. We have included IT security consultant job description templates that you can modify and use.
Sample responsibilities for this position include:
IT Security Consultant Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for IT Security Consultant
List any licenses or certifications required by the position: CISSP, CISM, CISA, ITIL, RHSE, MCSE, CRISC, CAP, RSA, X.509
Education for IT Security Consultant
Typically a job would require a certain level of education.
Employers hiring for the IT security consultant job most commonly prefer that their future employee have a relevant degree, such as a Bachelor's and College Degree in Computer Science, Engineering, Information Systems, Information Technology, Business, Education, Information Security, Technical, Graduate, Technology.
Skills for IT Security Consultant
Desired skills for IT security consultant include:
Desired experience for IT security consultant includes:
IT Security Consultant Examples
IT Security Consultant Job Description
- Assist in developing and managing an integrated risk framework for the company’s IT security risk philosophy, standards, and processes
- Augment and maintain risk registers
- Expand upon existing risk identification and management processes
- Develop and implement Key Risk Indicators (KRIs) for IT
- Document procedures and activities in a manner that is understandable to internal stakeholders and external auditing entities
- Define the plan to identify and evaluate technology risks, internal controls which treat risks, and related opportunities for control improvement
- Develop, implement, and enhance tracking processes in order to ensure adherence to IT standards, regulatory and contractual compliance
- Perform security risk assessments (SRA) according to the SRA framework and IS standards for both custom developed and third-party applications within the existing Infrastructure
- Document identified IS risks to incorporate relevance and impact to enterprise systems, infrastructure and business process
- Communicate effectively orally and in writing and express conclusions and recommendations in a clear, technically sound manner; understand and communicate how vulnerabilities can be exploited within technology and the enterprise environment in a manner that resonates with the business areas
- At least 6+ years of equivalent, hands-on IT security experience in large enterprise environments
- Strong interpersonal communication skills (verbal and written) and strong emotional intelligence
- Information Security Management Principles - Physical Security, Disaster Recovery, Access Controls, Authentication, Audit, Governance, Risk Management, Security Architecture, Cryptography, Systems Development and Business Continuity
- A fundamental understanding of IT Systems and Services covering Virtualisation, Mainframes, Cloud Services, Hosting Services, Desktop
- The ability to create high quality documentation such as Presentations, Risk Assessments, Reports and completing metrics and spreadsheets
- Minimum of three to five years of overall direct IT audit experience performing hands-on information security risk assessments, vulnerability assessments through the incorporation of automated scanning and audit tools, performing IT General Controls in support of SOX 404 compliance, Application Controls and security audits
IT Security Consultant Job Description
- Develop and maintain process, risk methodologies and SOP documentation
- Researches and maintains knowledge base regarding Industry frameworks, best practices, information security issues, solutions and potential implications
- Recognize any internal control weaknesses and lack of compliance with internal procedures and policies, which may result in inadequate, inefficient, or ineffective operations
- The security engineer plays a key part in ensuring managed security services are rendered at the highest quality and standard
- Communicate (oral and written) to senior management on risk management concepts, specific project risks and risk mitigation options / scenarios
- Manage remediation requests
- Create open relationships and communications with central services, business unit, local IT staff and users
- Provide mentorship, recommendations and standard methodologies for HIP/HID and vulnerability scanning operations; stabilize and optimize system performance; assist with upgrades and tech refreshes, installations and configuration
- Define and implement technical and business requirements for data protection solutions
- Lead different security projects in the EU in the following domains
- Experience with internal or external audit, information technology processes, accounting processes, risk assessments, business process reengineering, project management, and ERP packages preferred
- Working knowledge and experience with analysis tools such as IDEA, Audit Control Language, and proficiency in Microsoft Access, Word, Excel, PowerPoint, and Visio preferred
- Knowledge of the methods, techniques and processes to install, maintain and update firewall systems
- Ability to host in-person teleconference meetings
- Industry certification, CISSP or SANS
- University coursework in Electrical Engineering, Computer Sciences, or a related area of studies is preferred
IT Security Consultant Job Description
- Oversee and manage the documentation of flaws into risk registry and track remediation activities
- Collaborate with the global IT Risk and Security team to ensure the alignment on global delivery
- Assist in the generation of metrics to drive the continuous improvement program and present current state of security status to management team
- Review and development of security framework, information security policies, processes / procedures and guidelines on an ongoing basis
- Administer compliance with these policies / procedures through ongoing security reviews and audits, not limited to log analysis and security assessment of customer ICT systems
- To conduct security risk management exercise
- To manage vulnerability assessment and penetration tests
- To conduct information security awareness training
- Responsible for the development and management of customer’s security incident response plan
- Point of contact to assist and advise customer for ICT security related matters
- To be able to provide technical consulting and advice
- 3+ years hands on experience with security or administration of either systems (Windows/Linux) or network devices (routers/firewalls/switches)
- Ability to integrate various data feeds into Splunk
- Extensive knowledge of packet capture and analytics tools
- Knowledge of the OWASP top 10 and related exploitation techniques, including but not limited to cross-site scripting, SQL injections, session hijacking and buffer overflows to obtain controlled access to target systems
- Experience performing information security assessment work
- Demonstrated ability to create complex comprehensive project reports with the ability to review and revise reports with peers
IT Security Consultant Job Description
- You consult and support the IT function regarding IT process, security management and governance standards
- You initiate and facilitate the delivery of assurance by suppliers
- You coordinate process and security assurance and compliance activities
- You execute IT process and security maturity audits
- You train and coach IT teams in using the IT security management and control process and practices
- You contribute to the delivery and management of IT principles, process design, process implementation and process improvements
- You contribute to the definition of the DSM ICT Corporate Requirements, Practices, and Baselines
- You are responsible for designing and implementing the performance measurement framework for IT process and security management maturity
- You ensure that IT solutions within the scope of the role are compliant with relevant corporate, security, validation and architecture requirements, and that deviations are dealt with promptly according to the defined procedures
- Establish compliance with these policies / procedures through ongoing security reviews and audits, not limited to log analysis and security assessment of customer ICT systems
- Technical network
- Must be willing to work in a 24x7 support environment with occasional on-call support
- 3+ years of hands-on experience in Security Systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering
- Experience with multiple information technology platforms (Microsoft, Linux, VMware, Cisco, Symantec)
- Experience with SailPoint IIQ or comparable IAM platform strongly preferred
- Skills in the definition and implementation of IT GRC Solutions, preferably based on RSA Archer
IT Security Consultant Job Description
- Manage HIP/HID products, assist with upgrades and tech refreshes, installations and configuration
- Define and implement technical and business requirements for data protection solutions, participate in project reviews
- Troubleshoot HIP/HID issues, provide consultancy and engage vendor where applicable
- Evaluate alternative security solutions and approaches
- Security Advisory Management for both regular and out-of-band security advisories
- Management of Security Protection Devices such as IPSes, Firewalls and Load Balancers
- Security Audit Management as a Central Coordinator, Driver, Activity Tracker and SPOC
- Writing of Security Process & Policies
- Conducting of Security Awareness Briefings
- OS Hardening Management
- Experience with hosting in-person teleconference meetings
- Excellent knowledge of Networking and Security infrastructure devices and applications
- Experience with threat intelligence and 3rd party agencies such as ISACs, DHS/US-CERT
- Strong experience with the use of ISO 27001 control framework and Information Security Management System (ISMS) implementation
- General awareness and broad understanding of business process controls
- Technical qualification an asset: MCSE, CCNA, CCNP, CCSP