John Clements

As an Information Security Consultant, you will:

• Assess new vendors, technologies and systems
• Help improve application security practices
• Advise management on risks
• Respond to security incidents
• Manage security related initiatives
• Promote an information security culture.

Responsibilities:

• Lead project risk assessments from a technical security and information risk management perspective and advise management on risks. 
• Assess current and potential vendors, new services, and new technologies from a technical security and information risk management perspective. 
• Support security program activities like managing application security assessments (e.g., penetration tests, code security assessments), and providing application security consulting services to IT and other relevant partners and clients. 
• Support operational security activities including oversight of ongoing segment specific security processes (e.g., incident response, ad hoc queries, periodic access reviews, and vulnerability management). 
• Support the development and enforcement of global information security policies and standards; work with business units and technical teams to implement security policies and processes throughout the segment. 
• Stay informed on emerging technologies, key business drivers, evolving threats and opportunities from both the business and within information security discipline.                                                                                                                                             

Knowledge/Skills/Competencies/Education:

• University degree in Computer Science, Information Technology, Software Engineering, Business Administration or relevant educational and professional experience.
• Five years or more of experience working at an intermediate level role, or above, within a combination of relevant technical disciplines in the field of Information Security and Information Risk Management – can include technical assessment, vendor assessment, network security (including platform, application etc.), vulnerability management, and information protection.
• Demonstrated commitment to the field of Information Security through current accreditation from SANS, ISC2 and/or ISACA (e.g. GSEC, CISSP, CISA, CRISC). Project management designation is an asset, but not required.
• Deep knowledge of cloud computing security and IaaS, PaaS or SaaS environments.
• Working experience in conducting risk assessments, required controls definition, control procedure appropriateness, security capabilities identification, is preferred.
• Experience applying security frameworks (e.g. ISO 27001, COBIT), laws and standards (e.g. NIST, GDPR, Sarbanes-Oxley) is helpful, but not required.
• Understand the business requirements and respond accordingly from information security standpoint.
• Ability to work independently and as part of a team, managing multiple priorities within tight deadlines.
• Good verbal and written communication, facilitation and interpersonal skills.
• Influence behavior to reduce risks and foster a strong information security risk management culture.