Sr. Security Consultant - Programs Strategy & Risk

Remote: Full Remote
Salary: 165 - 205K yearly
Experience: Expert & Leadership (>10 years)

Offer summary

Qualifications:

Bachelor's degree in IT or related field, Master's degree preferred, 10+ years of experience in GRC, Proficiency with security frameworks.

Key responsibilities:

  • Develop tailored strategies and solutions for clients
  • Conduct risk assessments and recommend mitigation strategies

Stratascale – An SHI Company (Information Technology & Services, SME), https://stratascale.com/
201 - 500 Employees

Job description

Job Summary

Stratascale is seeking a Senior Cybersecurity Consultant experienced in evaluating and designing cybersecurity controls and business processes, and in developing strategies that drive security program improvement. As a Senior Consultant, you will play a critical role in helping our clients navigate the complexities of governance, risk management, and compliance. You will leverage your expertise to assess, develop, and implement GRC frameworks and solutions that align with our clients' strategic objectives. This role requires a strategic thinker with strong analytical skills and the ability to manage complex projects while building lasting relationships with clients. Consulting opportunities include Compliance & Audit support, Cyber Risk Management, Strategy and Governance development, Cyber Workforce Development (including Security Awareness Training and Executive Tabletop Exercises), and maturing Third-Party Risk Management (TPRM) programs.

This role will report to the Director of Security Programs - Strategy & Risk within Stratascale.

This position is remote with a Home Office setup as determined by Stratascale management. 

About Us

As a digital and cybersecurity services company, Stratascale exists to help the Fortune 1000 transform the way they use technology to advance the business, generate revenue, and respond quickly to market demands. We call it Digital Agility.

To learn more about how we’re shaping the future of digital business and a more secure world, visit stratascale.com.

Responsibilities

Include, but not limited to:

  • Work closely with clients to understand their needs and develop tailored strategies and solutions.
  • Conduct comprehensive risk assessments to identify potential vulnerabilities and recommend appropriate mitigation strategies.
  • Ensure that clients adhere to relevant regulations and standards, such as GDPR, SOX, HIPAA, and others specific to their industry.
  • Design and implement GRC frameworks and policies that support organizational objectives and regulatory requirements.
  • Assist clients in preparing for audits, including the development of necessary documentation and processes.
  • Develop and deliver training programs that improve clients' understanding of security risks and practices.
  • Identify opportunities for process improvements and innovation within client programs.
  • Deliver, facilitate, and proctor in-person workshops and remote webinars.
  • Collaborate on the creation of security standards and organizational policies.
  • Configure and manage workflows, risk registers, exception management processes, reports, and notifications within GRC platforms.
  • Create and/or customize training content and deliverables.
  • Assist with vendor due-diligence processes and help define overall third-party risk management efforts.
  • Stay abreast of industry trends and emerging risks and provide insights and recommendations to clients and internal teams.
  • Lead and manage multiple projects simultaneously, ensuring timely delivery and quality outcomes.

Qualifications

  • Bachelor’s degree in Information Technology, Business Administration, Risk Management, or a related field. A Master's degree is preferred.
  • A minimum of 10 years of experience in GRC, risk management, or a related field.
  • Proven track record of successfully implementing GRC frameworks and solutions in a consulting capacity.
  • Proficiency with security frameworks such as NIST RMF, NIST CSF, COBIT, ISO 27001/27002.
  • Experience in managing complex client engagements and building strong client relationships.
  • Practical experience with one or more Security Awareness Training (SAT) platforms such as Immersive Labs, KnowBe4, and Ninjio.
  • Experience with one or more of the following: TruOps, Prevalent, ServiceNow GRC, Archer, Microsoft Compliance Manager and Microsoft Purview, and/or other relevant GRC, Privacy, and/or Risk Management technologies.

Required Skills

  • Excellent analytical and problem-solving skills with a strategic mindset.
  • Strong communication and interpersonal skills, with the ability to convey complex concepts to diverse audiences.
  • Ability to work independently and as part of a team.
  • Strong project management skills with the ability to handle multiple priorities.
  • Ability to develop training programs, curricula, and cybersecurity training content.
  • Capable of creating security standards and guidelines based on industry best practices.
  • Experience with legal and regulatory compliance standards such as NYDFS Cybersecurity Regulation, GDPR, HIPAA, and PCI.
  • Experience leading client meetings, defining business requirements, and communicating strategic value for a diverse set of initiatives.
  • Experience with IT governance, risk, and compliance management in a complex global environment.
  • Proficiency in GRC tools and software platforms.
  • Ability to develop security standards and guidelines based on best practices and industry standards.
  • Team player with strong work ethic with attention to detail.
  • Excellent written, verbal, and consultative skills (e.g., professionalism, collaboration, negotiation, conflict resolution, quick learner, etc.).

Certifications

  • Preferred Certifications include:
    • Certified Information Systems Security Professional (CISSP)
    • Certified Information Systems Auditor (CISA)
    • Certified Information Security Manager (CISM)
    • Certified in Risk and Information Systems Control (CRISC)
  • Other relevant GRC certifications are advantageous.

Unique Requirements

  • Attend virtual client meetings when appropriate.
  • Travel to client sites, partner sites, conferences, and Stratascale offices up to 25% annually.

Additional Information

  • The estimated annual pay range for this position is $165,000 - $205,000 which includes a base salary and bonus. The compensation for this position is dependent on job-related knowledge, skills, experience, and market location and, therefore, will vary from individual to individual. Benefits may include, but are not limited to, medical, vision, dental, 401K, and flexible spending.
  • Equal Employment Opportunity – M/F/Disability/Protected Veteran Status

Compensation Structure

Base Plus Bonus

Approved Min (Total Target Comp)

USD $165,000.00/Yr.

Approved Max (Total Target Comp)

USD $205,000.00/Yr.

Required profile

Experience

Level of experience: Expert & Leadership (>10 years)
Industry :
Information Technology & Services
Spoken language(s):
English

Other Skills

  • Analytical Skills
  • Social Skills
  • Problem Solving
  • Communication
  • Teamwork