Senior IT Security Advisor

About VeraSafe:VeraSafe is an innovative and successful U.S. headquartered international privacy and cybersecurity compliance consulting firm and law firm.Watch / listen to learn more about VeraSafe: Check out our podcastApple Podcast: https://apple.co/4b28hwEYouTube: https://www.youtube.com/@PrivacyInPractice/videosSpotify: https://bit.ly/4moSMU7VeraSafe is proud to be certified as a Great Place to Work, with 97% of our employees affirming that we are truly a great place to work. This means we foster trust, collaboration, and a positive work environment. We are committed to maintaining this standard of meaningful work, work-life balance, and a supportive community. Check out our great benefits, listed at the end of this job description.About the Role:VeraSafes mission: Provide the worlds best data protection advice, with a human touch. Right now, we are seeking an Senior IT Security Advisor to join our growing team and help us pursue this mission.We are inundated with business from clients who love the way we advise on privacy compliance (hence the need for you).This is an excellent opportunity for anyone who wants to join a team working on the cutting edge of privacy, data protection, and cybersecurity, and is excited about assisting a wide range of clients with fractional CISO-type support, including IT security program design, implementation, and management.Key ResponsibilitiesPractice Development:Oversee VeraSafes cybersecurity consulting program through the management of team members, client relationships, and projects/deliverablesExpand on VeraSafes security consulting offerings, with an initial focus on Microsoft 365 hardening, configuration auditing, and risk assessmentFurther develop internal service delivery methodologies, documentation, templates, and quality control processesCollaborate with sales and marketing to position and refine service offeringsClient Engagement and Delivery:Lead and deliver consulting projects, including fractional-CISO-type engagements with a strong focus on securing Microsoft 365 environmentsConduct detailed cybersecurity risk assessments, including analysis of current security controls, vulnerabilities, and threat landscapeProvide oversight and strategic direction for incident response, including breach containment, investigation, and post-incident reviewLead and execute security assessments, architecture reviews, IT security policy drafting and implementation, and remediation planningCommunicate findings and recommendations to clients clearly and professionally either through written reports and executive briefings or execution of hands-on implementationBuild trusted relationships with client stakeholders, including CISOs, IT directors, and compliance teamsCollaborate with project managers and privacy-focused project teams to determine and meet client requirements and specific project needs. Analyze practical situations and develop solutions to specialized needsTeam Leadership:Train and mentor consultants and technical specialists on your teamManage project timelines and delivery quality across multiple concurrent engagementsEventually help grow and manage a team of IT security advisorsThought Leadership and Cross-Functional Collaboration:Stay current on evolving security threats and technologiesRepresent our IT security practice internally and externally, including contributions to client alerts and conference talksCollaborate with VeraSafes Professional Services leadership to ensure tight integration between our IT security and privacy advisory servicesRequired Qualifications:At least six years of hands-on experience in IT security consulting, IT security engineering, or equivalentAt least one relevant certification (e.g., CISA, CISSP, CISM, CRISC, CCSP, SC-100 Cybersecurity Architect)Deep technical expertise in Microsoft Defender XDR, CrowdStrike Falcon, SentinelOne, or other similar technologiesProficiency with IT security standards and frameworks (e.g., NIST CSF, ISO/IEC 27001, NIST 800-53, NIST 800-171, CIS Controls)Experience performing audit readiness assessments for frameworks and regulations such as HIPAA, ISO (e.g., 2700 series), NIST (e.g., CSF), GLBA, or othersTechnical background in scripting, automation, or security tooling (e.g., PowerShell, Sentinel, Defender for Endpoint)Experience developing and conducting tabletop exercises such as Business Continuity and Disaster Recovery scenariosExperience conducting enterprise-wide formal risk assessmentsStrong understanding of email security (DKIM, DMARC, SPF)Familiarity with security stacks to include SIEM/SOAR, IAM, EDR, CASB, etc.Strong understanding of cloud security posture assessmentsStrong understanding of enterprise security principles, zero trust architecture, and IT security risk managementExperience leading teams and managing consulting engagementsWillingness to learn new skills and receive direction and feedback from team membersWillingness to pursue and maintain privacy certifications (e.g., CIPP/E, CIPM, CIPT)Preferred Qualifications:Experience working directly with clients, in a service-oriented environmentExperience building or growing a consulting practice or service lineExperience in regulated industries (e.g., healthcare, finance, pharma)Familiarity with contract provisions that address data protection and security responsibilitiesExperience migrating or overseeing the migration of systems from on-premises or hybrid to cloud-federated systemsExperience with development and implementation of incident response plansProfessional involvement in the privacy and/or data security space (attendance at privacy conferences; membership or publication in the IAPP, ISACA, etc.)Privacy certification (or similar)Key Competencies:Detail-oriented and highly organized with a strong work ethicAbility to thrive and perform in a fully remote and international environmentExcellent written and verbal communication skillsHighly skilled in time management to enable successful work with international teams in meeting deadlinesHighly capable of independent work to fully deliver on all commitmentsAbility to work productively in a cross-functional, multi-disciplinary consulting teamExperience building and maintaining relationships with colleagues and clients through polished, professional interactions and products regardless of the clients experience with VeraSafes service lineVeraSafe Values:In addition to technical knowledge, skills, and competencies for a specific position, VeraSafe seeks team members who are proficient in values critical to our organization. For managers, we are seeking individuals who demonstrate interest in and experience applying:Creativity and InnovationFeedbackMentorshipPeople DevelopmentBusiness AcumenVeraSafes Excellent Benefits Include:Work from almost anywhere with Wi-FiPaid Time Off (PTO)Paid holidaysAnnual bonusesMembership in the International Association of Privacy Professionals (IAPP) and IAPP exam fee reimbursement (CIPP/E)Flexible working schedule in some rolesReimbursement for certain personal flight ticketCompany laptop providedOptional IT Hardware Buyback ProgramNote:There is a 1-3 hour skills assessment associated with the recruitment for this position. We know this is a burden, but we think its worth it, and we appreciate you taking the time to complete it. Weve found it enables us to find the best team members, regardless of their experience, where they went to school, or where they were trained. We want smart, kind, creative colleagues, plain and simple, and this assessment is a crucial part of our ability to hire this way.Our HR Privacy Notice is available at the following link:https://verasafe.com/legal/human-resources-privacy-policy/