Senior Security Assessor

About Specialized Security Services, Inc.

For over two decades, our expert team has successfully assisted organizations with the implementation and oversight of their information security, privacy, and regulatory compliance programs. Our reputation is our own, built upon our steadfast commitment over the years to do the right thing and go above and beyond for our clients.  We pride ourselves on our ability to think outside-the-box, stay nimble and succeed as a team.

About the Senior Assessor role:

The Senior Security Assessor supports PCI Compliance, ISO, NIST, CMMC, Risk Assessment, HIPAA, CCPA, GDPR project initiatives by undertaking risk assessments, advising on implementation of security measures, recommending appropriate risk mitigations, interpreting security policy and standards in the context of projects and business scenarios to help the business operate securely. This role has a significant client consulting and management component in advising, defining client security requirements to industry best practice standards, and ensuring that all projects meet these requirements, or that exceptions and issues are noted and remediated as appropriate.

As a Senior Assessor, you will:

• Assess existing controls to determine level of compliance to the PCI DSS standard, ISO, HIPAA, GDPR, NIST, FedRAMP etc. inclusive of: their maturity, state of compliance, and the risk associated with any findings.
• Supports PCI-DSS, Risk, NIST, ISO, CMMC, FedRAMP, Cyber Security Compliance gap analyses and assessments.
• Support compliance privacy client engagements and familiarity with GDPR, CCPA, PIPEDA  or similar privacy frameworks.
• Supports sites in testing, documentation and issue resolution associated with cyber security programs.
• Perform comprehensive threat/risk assessments and business impact analysis of current system, data, application and technology environments to determine possible internal and external threats to information assets, and identify security measures required to counter such threats.

• Supports sites in testing, documentation and issue resolution associated with cyber security programs. 

• Participate in the development and implementation of the enterprise security architecture and supporting security standards to ensure compliance with corporate policies, and relevant legislative and regulatory requirements.
• Perform technical security reviews or assessments to ensure targeted systems, networks, applications and/or data are in compliance with corporate policies and standards.
• Serve as a client-facing GRC consultant on S3 engagements, performing governance, risk, and compliance activities on behalf of client organizations as defined in contracts.Assess and communicate risk, control gaps, and compliance implications, translating technical and operational findings into clear, business-focused guidance for client stakeholders.
• Understand that, due to the rapidly evolving cybersecurity landscape, maintaining this role will require obtaining additional certifications to keep up with the cybersecurity threat landscape and industry acceptable certifications.

Required Education and Experience:

• A university degree in Computer Science, Engineering, or a field which relates to the role.
• Minimum of at least two security certifications from the following (ISC)2 CISSP, ISACA CISM,

ISACA CISA, SANS GIAC/GSNA, ISO27001 Certified Lead Implementer/Lead Auditor/Internal Auditor

• Five (5) + years of Information Security experience in Security Governance, Risk and Compliance practices and methodologies.

Preferred Experience that drives success in this role:

• Additional Security certification such as QSA, CMMC CP, CMMC CCA, IRCA ISMS Auditor or higher, IIA Certified Internal Auditor (CIA), HITRUST
• Experience performing GRC functions for either:
  • As a consultant delivering GRC, risk, or compliance services
  • In an internal GRC role with direct responsibility for assessments, risk management, and compliance activities
• Demonstrates advanced knowledge of the principles, best practices architecture and design approaches to applicable capabilities, services and standard controls that fall under the scope of the PCI-DSS, NIST, CMMC, and ISO. 
• Experience with performing cyber security assessments and familiarity with industry cyber security tools or experience auditing systems.
• Experience of security hardening techniques and policy development, particularly with regards to secure software development methodologies and process.
• Previous experience in PCI-DSS, NIST, CMMC, ISO compliance program including pre-assessment or assessment and gap remediation programs.