Job Description:
Position: Information Security Consultant - Insurance Domain
Location: Greater Madison, WI
Duration: 6 Months + Extension

Job Description:
Deliver security solutions that are in line with business requirements, standard policies and procedures. Implement and maintain security infrastructure and software in alignment with regulatory and compliance requirements. Respond to and resolve security incidents and issues. Document security systems and operational processes.

Primary Responsibilities:
Monitor adherence to information security policies, processes and procedures; maintain information security documentation and reporting to ensure that information security management is effective and integrated with other Information Technology (IT) processes
Ensure operational effectiveness and efficiency by reviewing and evaluating information security practices, identifying opportunities for improvement and acting on key issues that may impede information security to maintain process integrity
Identify, communicate and monitor standards and quality criteria for information security to provide to relevant stakeholders to assure consistency, alignment and a full audit trail
Assess and deliver a long-term log management and data retention plan for all devices
Assist in measuring compliance against minimum security baselines using a combination of manual and automated methods; work with application and server teams to remediate identified gaps
Research and monitor information security market intelligence for optimal monitoring and reporting tools, techniques and enhancements available to help manage security compliance in a multi-vendor environment
Ensure adherence and compliance to information security practices, customer service principles and service level agreements
Contribute to the plan and delivery of information security solutions to support achievement of strategy and risk management objectives
Select and analyze security products to determine the viability and quality of the product and ensure it meets business requirements; prepare corresponding business cases to assist in the justification of provided solutions
Contribute to the development and maintenance of systems for data classification to support data security objectives
Perform vulnerability assessments including penetration testing and firewall reviews; provide risk assessment and analysis by identifying and mitigating potential threats
Collaborate with architecture, engineering and operations to tightly integrate real-time security monitoring; participate in planning and enterprise architecture optimization
Manage and work with vendors to troubleshoot issues, problems and enhancements
Provide oversight and mentoring in secure coding practices within application development teams to maintain consistency and increase the knowledge sharing framework
Contribute to a positive work environment by demonstrating cultural expectations and influencing others to reward performance and value "can do" people, accountability, diversity and inclusion, flexibility, continuous improvement, collaboration, creativity and fun
Adopt CLIENT values in personal work behaviors, decision-making, contributions and interpersonal interactions; manage own career development by soliciting feedback and valuing other perspectives

Bachelor's Degree or equivalent combination of education and work experience


3 years’ experience in documenting and managing security or regulatory requirements.
Experienced resource on regulatory projects, control and compliance improvement initiatives with a strong control mindset – experience in working with / in operational risk departments or cyber security would be a plus
Strong analytical skills and critical mind-set
Knowledge of financial services (banking, insurance, etc.): trade execution & clearing, settlement, finance & accounting, regulations, etc.

Working knowledge of process management and continuous improvement methods and techniques
Working knowledge of legislative and regulatory compliance
Applied knowledge of industry best practices associated with information security
Understanding of technical architecture and different platforms used within a business
Knowledge of risk assessment procedures, policy information, role-based authorization methodologies and authentication technologies

Develop and maintain effective working relationships with key stakeholders to share knowledge and ensure consistency
Identify and prioritize gaps to contribute to the development and maintenance of IT security risk and/or control framework
Understand and improve the interdependencies between information security and other IT processes
Effectively present information to influence and negotiate
Act as a change agent to influence relevant stakeholders to adhere to information security practices
Review change control procedures
Effectively communicate in verbal and written format
Understand the needs and goals of the customer and actively look for ways to meet them
Complete regular compliance reporting
Adapt and be flexible in a complex, changing environment
Manage one's own time
Perform project consulting and security sign off for solution designs

Travel Frequency:
Infrequent (approximately 1-4 trips annually)

Physical Demands:
General office jobs
Work is generally performed in an office environment in which there is not substantial exposure to adverse environmental conditions. Must have the ability to remain in a stationary position for extended periods of time. Must be able to operate basic office equipment including telephone, headset and computer. Incumbent must be able to lift basic office equipment up to 20 pounds.