Job Description:

Job Title: Security Compliance Consultant

Location: Chicago, IL (Remote)

Job Description

Reporting to the Director of Information Security, the IT Security Compliance Consultant will have tactical and strategic responsibilities, with heavy involvement in security compliance and a support role in security operations. A significant element of this role is driving forward Info-Security compliance efforts with industry-specific regulatory requirements, with a heavy focus on PCI DSS. You will collaborate closely with IT Operations, Engineering, Legal, Audit, Risk and Finance teams to implement security safeguards, manage security risk and drive continual process improvements. In addition, you will provide support in the monitoring, analysis, and resolution of security events with the aid of available tools and countermeasures.

Primary Responsibilities:

  • Lead efforts to achieve and maintain PCI DSS compliance for in-scope systems
  • Oversee efforts to ensure IT General Controls meet defined requirements
  • Coordinate IT SOX compliance efforts with internal and external auditors
  • Conduct or assist with internal security assessments, provide recommendations to mitigate risks, and manage resulting corrective action plans and projects
  • Conduct technical risk assessments, privacy assessments and information security reviews on internal systems, applications and platforms providing security remediation advice and training to technical personnel
  • Oversee the endpoint and system vulnerability management program
  • Lead assessment and mitigation efforts to ensure appropriate access levels to systems and resources
  • Support internal audits, including risk and compliance of our technical and client-facing teams

Additional Responsibilities:

  • Monitor and manage security alerts from key information security dashboards (SIEM, IDS, EDR, etc.).
  • Perform root-cause analysis for information security related issues and related actions
  • Assist with the creation, enforcement, and training of employees on information security policies
  • Proactively monitor network traffic for unusual activity
  • Facilitate, review and complete vendor and client IT audit questionnaires and 3rd party assessments
  • Other duties as assigned

Required Qualifications:

  • Bachelor’s degree in Computer Science or relevant  
  • At least 2 years of relevant experience in IT with significant exposure to Operational Information Security 
  • Experience with vulnerability management and AV solutions
  • Highly organized and detail-oriented, with a strong work ethic and sound all-around judgment
  • Proven ability to manage multiple projects simultaneously under tight deadlines
  • Self-starter who thrives when trusted with the autonomy to identify areas in which you can add value and to develop and execute plans for improving such areas
  • Strong verbal and written communication skills with internal teams and external clients
  • Ability to travel domestically and internationally as required

Preferred Qualifications:

  • Bachelor’s degree in IT or relevant field, or the equivalent combination of education and experience
  • At least 4 years of relevant experience in IT security and/or IT Operations
  • 2-3 years with significant exposure to IT regulatory controls, including PCI DSS
  • Foundational understanding of TCP/IP protocols, Operating Systems and Network Security
  • Experience in Office 365 and Azure Security
  • Previous experience in PCI DSS compliance and regulatory frameworks
  • Experience (PowerShell, Python, Perl, etc.)
  • Endpoint protection such as Symantec, Carbon Black or Palo Alto
  • One or more security certificates (CompTIA Security+, CISSP, CISA)
  • Self-starter who thrives when trusted with the autonomy to identify areas in which you can add value and to develop and execute plans for improving such areas
  • Strong verbal and written communication skills with internal teams and external clients