Senior Security Consultant - Risk and Compliance
Risk and Advisory | Boston, MA, United States
  • Provide strategic information security advisory and consulting services for enterprise clients.
  • Identify, scope, and deliver customer Information Risk Management needs within the Neohapsis services portfolio.
  • Scope security engagements and support development of proposals and statements of work, effectively translating customer requirements into an engagement to meet those needs.
  • Provide trusted Information Security Officer advisory services to enterprise customers.
  • Translate business, industry, and regulatory requirements into information risk management objectives and associated tactical/strategic information security initiatives.
  • Identify sales opportunities during and after engagement; work with sales personnel to close business.
  • Participate in the development of the Neohapsis service portfolio and methodologies.
  • Demonstrate the ability to multi-task, including completing client engagements and thought leadership activities.

Average travel approximately 40%, with potential up to 50% per year.

Required Qualifications

  • In-depth information security management experience with specific focus on one or more of the following:
    • Network security
    • Information risk management
    • Security audit
    • Security operations
    • Security program development
    • Compliance management
  • Experience researching, developing, and applying new methodologies and technologies
  • Cross-organizational IT project management experience with an information security focus
  • Strong leadership skills
  • Demonstrated ability to self-manage
  • Exemplary command of the English language, both oral and written
  • Extensive information security program and risk management knowledge

Bachelor's degree or equivalent practical experience.

Additional Qualifications

Practical experience with one or more of the following:

  • Regulatory
    • Sarbanes-Oxley (SOX)
    • Health Insurance Portability and Accountability Act (HIPAA)
    • Gramm Leach Bliley Act (GLBA)
    • North American Electric Reliability Council (NERC)
    • Federal Financial Institutions Examination Council (FFIEC)
  • Industry Standards
    • International Standards Organization (ISO) 27001/27002/27005
    • Payment Card Industry Data Security Standard (PCI DSS)
    • ISACA Control Objectives for Information and related Technology (COBIT)