The Cybersecurity Consultant will function in a consultative role, perform both technical and non-technical assessments and generate billable revenue for the company. This role is responsible for reviewing client environments and policies against a framework of IT security standards and best practices, documenting findings, observations and recommendations, and presenting them in written form.
Agio is a hybrid managed IT and cybersecurity provider servicing the financial services, health care and payments industries. The company has extensive experience supporting the alternative investment space, specializing in hedge funds, private equity firms and asset managers. Agio offers technology hosting, monitoring, management, helpdesk, disaster prevention and recovery, as well as managed security, 360° cybersecurity programs, virtual CISO (vCISO) support and cybersecurity consulting. With nearly 280 employees, the company is headquartered in New York, NY with its Network Management Center (NOC) in Norman, OK and Security Operations Center (SOC) in Raleigh, NC. For more information, please visit https://agio.com/.
The Cybersecurity division of Agio provides customers with superior compliance and security solutions and services. Industry recognized for knowledge and skills in HIPAA Security Rule compliance, the Payment Card Industry Data Security Standard (PCI DSS), and IT security consulting, the professionals deliver expertise with attention to both cybersecurity and business needs. We are seeking senior cybersecurity consultants to help serve our expanding client base. This position requires the individual to function in a consultative role, lead a team in the performance of technical and non-technical assessments and generate billable revenue for the company. This role is responsible for reviewing client environments against a framework of IT security standards and best practices, documenting findings, observations and recommendations, and presenting them in written form. Some evaluations require incorporating the results of technical testing into an overarching risk assessment. Previous employment in a consultative role is strongly desired.
Applicants should have 5 or more years' experience in the IT security (Cybersecurity) field (experience with HITECH and the HIPAA Privacy and Security Rules is required) and should be able to provide advisory services centered on compliance. Direct compliance or IT security experience at a hospital or healthcare provider, or demonstrated experience with or knowledge of healthcare operations and business processes, is required. Working knowledge of IT security frameworks and regulations such as NIST, ISO, CSF, HIPAA, HITECH, HITRUST CSF, and Security Breach Notification. An understanding of IT security technologies, including network and application security, firewalls, access management, and data protection.
Candidates should also have direct experience with two or more of the following:
- HITRUST Common Security Framework
- NIST Cybersecurity Framework
- NIST Special Publication 800-53
- ISO 27002
- Payment Card Industry Data Security Standard (PCI DSS). QSA experience a plus.
- Security Risk Assessments
- Reporting to the Managing Director of Cybersecurity Consulting, attend to customers’ general and/or specific security needs on an hourly or project fee basis. Specific activities may include but are not limited to vulnerability testing, gap analysis against a particular compliance requirement, security risk analysis, and security policy consulting.
- As assigned, function as the virtual CISO for a given set of customers and assume responsibility for the actions performed and the overall security posture for said customers.
- Develop and deliver professional reports, presentations and other content as required to satisfy contracted work; superior writing skills required.
- Maintain documentation and notations for use by the customer and internally, for each customer.
- Participate with account teams to address client needs, problem solving and creating solutions designed to deliver value and exceed client expectations.
- Train and certify as required to supplement current certifications.
- Provide accurate, timely and complete time reporting for the purposes of customer billing.
- Build and maintain strong customer relationships.
- Assist the sales staff in the generation of new business and management of existing business, including on-site sales visits, pre-sales conference calls and assistance with proposal generation.
- On a rotating basis, provide after-hours support to the customer base through the company-maintained on-call system.
- At request, gain and maintain accredited vendor and non-vendor specific certifications.
- Participate in company designated meetings.
Due to the nature of the work performed for customers, it may be necessary to work outside of normal business hours to perform certain tasks. Some overnight travel is also required.
This is a client-facing position. Superb oral and written communication skills are required.
Applicants should already have one or more of the following security certifications:
- CISSP, CISM, CCSFP, HCISPP, or CIPP
- HITRUST CSF (Practitioner)
- SANS GSEC
- PCI QSA
- CISA, GSNA, ISO Lead Auditor