Vulnerability Management Consultant at Black Rock Groups Erlanger, KY

Overview

Vulnerability Management Consultant job at Black Rock Groups. Erlanger, KY.

Location Erlanger, Kentucky (5 days onsite)

Experience 13+ Exp. only

• Review Projects and their technical design documents for Information security risks and advise on suitable controls and mitigations at early stages of the program
• Fair understanding of Technology Landscape Applications Infrastructure Cloud and review
• Assess clients information security and related threats and vulnerabilities, legal and regulatory requirements
• Good Understanding on Security Standards like ISO 27001/2, SOX ITGC, SOC1 or SOC2
• Dev Sec Ops , OWASP Top 10, Business Impact Analysis, ISO 22301, ISO 27005
• Assess and classify all potential business and infrastructure information risks
• Review and advise on information security risks of vendor offerings leveraging existing SAAS/PAAS/IAAS services including integration with Client environment
• Conduct risk assessment on Applications, Network, Systems according to Client policies, applicable Standards, legal and regulatory requirements
• Identify risks in the Client Projects and provide recommendations for remediation of identified risks
• Translate Technical, legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provide IRM requirements and implementation methodologies to stakeholders
• Identify or design controls for implementation based on Risk Assessment outcomes, remediation and residual risk
• Ensure all the controls outlined for an application/infrastructure are designed effectively
• Review Vulnerability Assessment and Penetration Test scan results and recommend risks to be remediated
• Review and approve the control design of supplier and their organization, technical specifications against Client security control requirements
• Ensure all risks are documented, classified and tracked with appropriate action per IRM standards
• Work with Project Managers, Business Analysts, Architecture and Support Team to ensure Client Information Risk Management standards are followed
• Test control effectiveness post implementation or deployment of controls and technologies
• Conduct Security governance with Client stakeholders

• Understanding of Cloud Security (SAAS, IAAS, PAAS) and Onpremise infrastructure
• Understanding of secure application development and support
• Knowledge on Network Security, Data Security Practices, EndPoint Security, Identity and Access Management
• Knowledge on Business Continuity Plan and Disaster Recovery

Security Risk Assessment ISO 27001/2 SOX ITGC SOC1 or SOC2 Dev Sec Ops  OWASP top 10 Security Risk Management Business Impact analysis Design Controls Data Security Policy review

• Projects Stakeholder Management, Governance Management, Reporting
• Very good communication skills, Agile Project delivery
• Cloud Security controls, Data Security, Info Sec baselines, Privacy requirements

• BTech CA MBA MS Info Sec MTech

• ISO 27001 Lead Auditor or Lead Implementor, CISA, CRISC, CISM, CISSP

Mandatory Skills : Infra Vulnerability Management - Qualys, Infra Vulnerability Management - Rapid 7, Infra Vulnerability Management - Tenable IO, Infra Vulnerability Management - Tenable Nessus, SC, CS, Infra Vulnerability management/Triaging/ Remediation Advisory / Service Now /ITSM /CMDB

Required Skills : Project Coordination

Background Check : No

Drug Screen : No