Xtreme Consulting Group is currently recruiting for a Risk & Compliance Architect. This contract opportunity is with a global auto-manufacturing company in beautiful Portland, OR. Our client supports a work/life balance, free parking for cars and bicycles, and on-site restaurant options. Having partnered with this client for 20 years, a high percentage of Xtreme consultants are approved for extensions. Additionally, we have an on-site Xtreme support team that is always available to directly assist both the consultants and the client. If you feel you have the required skills and experience, please apply.
This position is a 12-month contract with a chance for extension.
The primary responsibilities of the consultant will be to assist client in ongoing evaluation, implementation and management of security related initiatives. The security consultant will assume key security generalist roles to provide expertise in the following tasks:
- Assist in the review, development and management of governing security policies and standards.
- Analyze risk of existing and proposed IT solution architectures and determine compliance with security policies
- Evaluate and recommend solutions that will reduce information security risks.
- Support the implementation, deployment and management of security solutions and tools.
- Perform pro-active security auditing and detailed project security reviews.
- Conduct threat research continually improve the security posture of the organization and reduce cyber incident detection times.
- Collaborate across the organization to automate the response and resolution of cyber security events and incidents
- Supports cyber incident response investigations.
- Bachelor's degree in Computer Science, Information Systems, Computer Applications, Software Engineering, or equivalent work experience.
- Minimum 5 years' experience performing IT risk assessments and risk management practices.
- Knowledge of application development, computer engineering, operating systems or infrastructure technologies.
- Excellent interpersonal, verbal, and written communication skills
- Ability to work in a cross-functional organization and be a team player
- Strong technical aptitude, a desire to learn, and apply creative thinking to solving problems
- Familiarity of NIST Cyber Security Framework, CIS Top 20 Critical Security Controls and OWASP Top 10.
- Strong familiarity with CSIRT methodologies, threat hunting models, SIEM concepts, and cyber incident response.
Preferred Skills / Experience
- Certified Information System Security Professional (CISSP) or relevant security certification (CISM, CRISC, etc.)
- Knowledge of Intrusion Prevention Systems (IPS), Firewalls, Web Application Firewalls (WAF) and Internet Proxy functionality.
- Experience analyzing log files using Splunk, or similar tools.
- Experience analyzing phishing email and malware
- Ability to script in python if required for security automation.
- Familiarity with security frameworks (ISO 27001, NIST 800 series) and regulatory frameworks (PCI, SOx, GDPR, HIPPA, privacy).
- Experience performing vendor/cloud risk analysis and defining required security controls