Security-Risk Management Specialist

Job Description:
Our client is seeking seasoned Security-Risk Management Specialist to join their team on a contractual basis. The ideal candidate will be tasked with overseeing vulnerability assessments and security audits remotely. This role requires a deep understanding of security frameworks and risk management in a technology environment. The successful candidate will provide crucial insights and strategies to enhance our security posture, ensuring robust protection of key assets. This position offers the flexibility to work remotely, preferably from the Eastern or Central Standard Time zones.

Responsibilities:

• Conduct comprehensive vulnerability assessments and security audits across various digital assets.
• Interview asset owners and stakeholders to extract critical information regarding their mission, strategy, and associated security risks.
• Analyze and investigate risks, employing a methodical approach to threat identification and assessment.
• Perform on-site audits as necessary, ensuring compliance with established security protocols and frameworks.
• Evaluate the effectiveness of existing controls and recommend enhancements to fortify security measures.
• Identify and assess potential risks and exposures in partner assets, proposing strategic remediation solutions.
• Collaborate closely with internal and external stakeholders to align security strategies with business objectives.
• Document findings and prepare detailed reports to inform management and guide decision-making processes.

Qualifications:

• Minimum of 10 years of experience in security risk management or a related field.
• Proven expertise in secured environment controls such as FedRAMP, NIST, FISMA, or STIG.
• Skilled in vulnerability management, resolution, and verification processes.
• Experience in hardening systems to comply with security benchmarks such as CIS.
• Familiarity with vulnerability scanners like Qualys is preferred.
• Ability to automate tasks using Python, Ansible, or similar tools.
• Knowledge of cloud solution offerings and their associated security considerations.
• Excellent communication skills, capable of engaging effectively with technical and non-technical stakeholders.

GDH provides equal employment opportunities (EEO) to all employees and applicants for
employment without regard to race, color, religion, sex, national origin, age, disability, genetic
information, veteran's status or any other category protected by law. In addition to federal law
requirements, GDH Consulting, Inc. complies with applicable state and local laws governing
nondiscrimination in employment in every location in which the company has facilities and/or
employees. This policy applies to all terms and conditions of employment, including recruiting,
hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence,
compensation, benefits and training. Applicants with disabilities that require an accommodation
or assistance in applying and/or for interviewing, please contact our HR Department.

Please visit GDH's website for notice of collection for California applicants.