Neutral Partners Security and Compliance Consultant Remote · Full time

A Security and Compliance Consultant’s primary responsibilities include assisting clients in developing, managing, and implementing information technology and cybersecurity compliance programs that meet security and IT frameworks; specifically SOC 2 and ISO 27001. Client engagements typically consist of gap assessments, internal audits, policy/procedure development, risk assessments, incident response/disaster recovery exercises, evidence upload, and external assessor audit support.

Description

Duties:

  • Project manage multiple complex engagements to prepare clients to undergo external assessor IT/cybersecurity compliance audits
  • Conduct gap assessments mapped to the SOC Trust Services Criteria and ISO 27001 frameworks
  • Create, review, and maintain security policies, scoping documents, and all required SOC Trust Services Criteria and ISO 27001 policy and procedure documentation
  • Conduct annual risk assessments with accompanying risk treatment plans
  • Provide subject matter expert guidance to clients on proper technical implementation meeting SOC Trust Services Criteria and ISO 27001 framework requirements
  • Manage evidence collection in preparation for clients' external assessor audits
  • Attend and act as a subject matter representative of clients during external assessor audits
Requirements:

  • Experience with and knowledge of healthcare operations and business processes
  • In-depth understanding of NIST, SOC 2, and ISO 27001 security/compliance frameworks
  • Knowledge of complex enterprise-wide IT tools, architecture, and implementations
  • Demonstrated experience in performing security and privacy risk assessments
  • Demonstrated experience in performing compliance assessments and implementing regulatory requirements
  • Demonstrated experience in writing compliant policies, procedures, and other documentation within various information security frameworks
  • Ability to work remotely and collaborate with others via video conferencing
  • Results-oriented mindset
  • Ability to self-motivate
  • Strong written and oral communication skills
  • Strong project management skills
  • High school diploma or GED
  • One to three (1-3) years of experience in information security, IT audit, information technology, or related field
Desired:

  • One of the following certifications:
      • CISA (Certified Information Systems Auditor)
      • CISM (Certified Information Security Manager)
      • CISSP (Certified Information Systems Security Professional)
  • Extensive knowledge of SOC 2 Trust Services Criteria
  • Extensive knowledge of ISO 27001 standards
  • Bachelor’s Degree in Information Technology, Cybersecurity, or related field
Benefits:

  • Health Care: 75% of the team member's premium covered
  • Dental Care: 75% of the team member's premium covered
  • Vision Care: 75% of the team member's premium covered
  • 401(k): 100% match of up to the first 5% of team member’s pay
  • 100% Remote
  • Unlimited Paid Time Off
  • All Federal Holidays Off

Salary

$80,000 - $90,000 per year