Senior Security & Risk Management Consultant

at  WithSecure

$135,000 - $160,000
WithSecure™ delivers research-led cyber security to defend organizations, society and people from real-world attacks and build resilience into their approach. Our people are a mix of technical and creative experts – diverse, talented, and passionate people – working tirelessly to help us advance the industry with new ways of thinking. They lead their own development, in and out of the office. They call the shots when it comes to building a place to call home in our organization.
We have openings for Security Risk Management (SRM) Consultants on our US team, working remotely, based out of New York City. In this role you will help clients identify their cybersecurity risks, assess the effectiveness of their defenses, and recommend improvements to establish a robust security posture.

WHAT WE NEED

We solve complex cyber-security problems daily and to do so requires an interesting and comprehensive set of skills. To be successful at WithSecure and help our clients with their challenges you’ll need the following:

COMMUNICATION SKILLS

Communication skills are just as important as your technical abilities. Senior Consultants are adept at explaining what we did, how we did it, and how clients can remediate it. They can present both the bigger picture and the microscopic details of an engagement to a range of audiences from high-level business stakeholders to up-and-coming team members.
Research motivation
WithSecure has a commitment to research. Our consultants get a percentage of their time dedicated to it in order to ensure their skills remain relevant. You should be keen to produce research that pushes the industry forward as well as contribute to WithSecure Labs (https://labs.withsecure.com). Whether research time is used to investigate new software, hardware or protocols, we encourage our team to push the boundaries of what is possible!
While working solo or inspiring others to work as part of a team, Senior Consultants often serve as our most active research champions.

OPPORTUNITIES TO UPSKILL AND GROW

This position offers excellent opportunities for continuous learning, skill development, and career growth. You will work with clients across multiple industries with disparate needs and cybersecurity maturity levels, providing you with exposure to a wide range of security practices and issues. You will also become a member of a diverse and highly talented team with a passion for security. This strong network provides opportunities for collaborative learning and support for taking on new challenges. In this environment, SRM consultants are welcome to expand into more technical activities such as cloud configuration reviews, penetration testing and more.

NO ONE SHOULD EXPERIENCE A SERIOUS LOSS BECAUSE OF A CYBER ATTACK

We envision a future where no one should experience a serious loss or be put out of business because of cyber attack or crime. At least no one who puts their trust in us.

KEY RESPONSIBILITIES

SRM Consultants are responsible for delivering key services including:

• Cybersecurity Risk and Control Assessments - Provide clients with an understanding of the current state and gaps in their cybersecurity program and provide recommendations for improvement. These assessments are often performed against industry standards and regulatory requirements such as ISO 27000, NIST CSF, NY DFS 500, NIS2, DORA and PCI DSS.
• Threat Modelling and Secure Design Review - Analyze system architecture, identify potential security threats, and review planned security controls to identify any gaps and ensure effective implementation. This activity involves reviewing system design documentation and working closely with development teams.
• CISO as a Service - Act as a trusted advisor to provide clients who lack a dedicated CISO with cybersecurity leadership, expertise, strategic development and program execution to achieve and maintain a strong security posture. In this capacity the consultant serves as a virtual member of the client’s C-Suite.
• Incident Response and Crisis Management Tabletop Exercises - Design and facilitate cybersecurity incident simulations to allow clients to practice and test their response procedures in a realistic scenario. Document exercise results and provide actionable feedback for improvements.

In addition, SRM Consultants engage with clients to understand their security needs, design and scope projects, and document proposals for delivery of services.