Information Security Assessor

THIS IS A REMOTE, WORK-FROM-HOME POSITION.

RSI Security is a small organization where collaboration is not only encouraged, but expected. We value relationships within our team and are intentional to build and maintain a strong team camaraderie through virtual happy hours, daily morning meetings to help us start off on the right foot, and meetings dedicated solely to professional development topics to help us develop and grow together.

As the Information Security Assessor, you will work closely with clients to assess and validate a variety of organizations security controls and regulatory compliance as well as provide advisory support and recommendations on how to remediate possible gaps and issues to meet compliance and regulatory standards. 

This role will have the opportunity to lead clients engagements as well as contribute to internal process improvements to provide the team with the best resources and structure to delight our clients. 

The ideal person for this role is self-motivated, is energized by continuously learning and the fast paced world of cyber security, and believes that the ultimate way to care for their colleagues and clients is to be an active listener, exhibit compassion and also provide transparent and actionable feedback and insights with the highest level of attention to detail and review.

What are the 5 most important abilities/functions needed to accomplish?

1. Assess the security controls and regulatory compliance of a client organization (~50% of the time) – By properly scoping and understanding the client environment, business processes, people and technologies, determining compliance requirements and then assessing if the client organization can demonstrate the compliance through clear evidence that is observed, reviewed and tested. Afterwards, drafts a compliance report that outlines how the company has met compliance requirements for the company’s applicable regulations.
2. Act as an advisor to a client organization in preparation for an assessment (~25% of the time) – Guiding the client to properly prepare for controls and/or compliance audit through proper scoping and identifying sensitive data, how it is managed, determine what the requirements are needed to implement controls, perform gap analysis and generate a report outlining action items to take and policies to develop to be ready for an assessment.
3. Provide technical writing to a client organization (~5% of the time) – Leads, contributes and delegates technical writing for a client who does not have policies and procedures created to meet compliance requirements. Reviews work and provides feedback if the work is delegated to an Analyst and finalizes to share with the client. 
4. Partner with the Sales and Marketing team (~10% of the time) – Provides pre-sales meeting support and helps the sales team to create proposals for a client by understanding the client’s business, security requirements, regulatory requirements, and identify complexities. Contributes to marketing efforts, including sitting on a panel as part of a webinar and writing blogs on relevant subjects. 
5. Contribute to internal process improvements & Continuous education (~10% of the time) – Is an active contributor to internal project tasks at RSI, providing improvements to processes to maintain the highest level of efficiency and help productize RSI’s services. Stays abreast of the latest cyber security and compliance changes with 40 hours per year of CPE.

Attributes and behaviors necessary to do a great job?

• Is a trusted advisor and consultant to their clients, who approaches engagements and issues with a balance of logically analyzing the possibilities and potential issues to make thoughtful and insightful decisions and recommendations. Doesn’t jump to conclusions, isn’t grounded to any one idea, and always seeks input from others and stays on top of the latest technology advancements and marry that with RSI Security’s approach and process.
• Learning is a lifestyle, understanding that technology constantly evolves and is hungry and thirsty to learn new changes and new knowledge as the landscape of security threats changes so quickly. Is not afraid to step outside of their comfort zone and learn new systems, techniques, tools and processes.
• Excellent communication skills including written and verbal, with strong interpersonal skills, who can build trust and credibility with clients and their teams. Is a good active listener to make sure what was said and what was heard are aligned.
• Expresses emotional intelligence by communicating empathetically and connects easily with others. Approaches clients with compassion about the challenges or stress they are going through and has a quiet confidence when approaching situations but also knows seeking different perspectives and ideas is the key to a well rounded decision making process.
• Skilled team player who understands the importance of collaboration and enjoys brainstorming with colleagues and team members for maximized success.
• Impeccable attention to detail and understands that small oversights can results in big breakdowns or problems down the road. 
• Self motivation, where quality is paramount with a high degree of accountability and high sense of urgency to drive things forward.

Essential skills & experience required? What are preferred?

• Bachelor’s degree in Computer Science or equivalent education required
• Completion of training in the following areas - Google, AWS, Azure required
• 5+ years of IT experience total required; having 3+ years’ experience specifically in cyber security required 
•  At least 2 active certifications; CISA, CISM and CISSP required
• At least 1 active Qualified Security Assessor certification; HITRUST or PCIDSS QSA preferred but not required
• Demonstrated ability to interface and collaborate with executive leadership required 
• Demonstrated ability to lead complex projects and engagements and get consistent on-time results that meet expectations required 
• Demonstrated strong interpersonal and communication skills to develop and maintain relationships with clients and colleagues required
• Working technical knowledge of software development, cloud computing and network architecture required
• Intermediate to advanced working skills with various office equipment, computers and various programs including MS Word, PowerPoint, Excel required 
• Experience working with a PSA tool, such as Asana, Oracle NetSuite, Mavenlink, or Sage preferred
• Experience with Google Office Suite a plus

Position Type/Expected Hours of Work:

This is a full-time, salaried position, and regular hours of work and days to be worked are Monday through Friday, 8:00 a.m. to 5 p.m. PST

The anticipated salary range for this position is $100k and $125k. Salary may be determined based on experience, education, geographic location, and other factors. This position may be eligible for an incentive program that may include bonus and/or commission. 

RSI Security is a small organization where collaboration is not only encouraged but expected. We value relationships within our team and are intentional to build and maintain a strong team camaraderie through virtual happy hours, daily morning meetings to help us start off on the right foot, and meetings dedicated solely to professional development topics to help us develop and grow together. Our commitment to equity, equal opportunity, inclusion, and diversity is part of our broader commitment to respecting fundamental human rights across our value chain. RSI Security is proud to be an Equal Opportunity Employer.

Equal Opportunity Employer/Veterans/Disabled 

The Company will consider for employment qualified applicants with arrest and conviction records 

Benefit offerings for full-time employment may include unlimited flex vacation, 10 paid holidays, paid parental leave, 401k at 100% match, medical, dental, and vision plans, FSA, short term disability, and more Available paid leave may include paid time off, parental leave and holiday pay.

For more information on RSI Security, please visit our website - www.rsisecurity.com or our social media RSI Security LinkedIn. On our career site, you will find some of the key steps you can expect to guide you along the way.

Powered by JazzHR

XRewXtdU6i