Job Description :
Data Security Consultant
Naugatuck, CT
12 months
Review the security posture of 3rd parties looking to do business.
Document and provide recommendations on risks.
Will analyze information security systems, provide recommendations, and develop security measures to protect information against unauthorized modification or loss.
Evaluating and advising on the security disposition of Commercial off the shelf (COTS) products, as well as other 3rd party provided libraries and extensions.
Assist in developing and providing IT Security Training regarding secure code development practices.
Maintaining security documentation, and auditing for compliance.
Conduct the review of operational and IT processes, provide management with an assessment of risks, internal controls design and the overall effectiveness and efficiency of the processes.
Conduct testing of IT related controls and identify areas of control exceptions.
Apply knowledge of IT trends and IT systems processes to identify engagement issues and risk management issues.
Who you will work with:
Security professionals (architects, engineers, analyst, risk, compliance R&D and IT department)
All Vivint Business pillars but closely with IT department
What we’re looking for:
Required Skills
3+ years of experience delivering IT audit projects, including risk assessments, system reviews and IT controls testing.
Knowledge of secure coding concepts and common vulnerabilities.
Software testing experience is a bonus.
Experience with Linux/UNIX, iOS and Windows.
Must have good written and verbal communication skills.
Demonstrated analytical skills.
Experience in the following areas will be desirable
Training and advising developers in secure coding practices.
Understanding and ability to consult on implementing the following regulations and control frameworks (SOC) audits, ISO 27001:2013, internal and certification audits, SOX, GDPR, PCI and project-based IT compliance
Understands, identifies, evaluates and documents key risks and controls.
Develop recommendations to close identified control gaps.
BA/BS degree from an accredited college/university in Business, Information Systems Management or Computer Science (or equivalent) is required. Passing tests or certification for at least one of the following is preferred: CISA, ISO 27001 LI or LA, CISM and/or CISSP.
Ability to think analytically, communicate complex issues, and develop control recommendations.
Effective written and verbal communication; ability to present control analysis and Recommendations with clarity and professionalism.
Proven project management skills with the ability to manage multiple concurrent projects.
Assist in the overall implementation of the Company’s Compliance Management System and in the development of an overall compliance testing plan.
Assist with compliance monitoring and testing activities.
Stay abreast of federal and state regulatory changes. Report such changes to management and assist in determining appropriate responses, including the development of new testing plans.
Participate in new product development, system initiatives and other projects to ensure potential compliance related issues are adequately addressed. Make recommendations to adjust monitoring and testing plans if appropriate.
Maintain compliance related policies and procedures to ensure continued applicability and completeness.
Demonstrate an ability to adapt to any changes in the regulatory environment.
Lead the Company’s Security Assessment Program for vendors and partners.