- Company Name
- GuidePoint Security
- Job Title
- Security Consultant, Compliance- Remote (Anywhere in the U.S.)
- Job Description
-
**Job Title**: Security Consultant, Compliance
**Role Summary**
Provide expert assessment and advisory on cybersecurity compliance across multiple frameworks (CIS, NIST, ISO 27001, PCI DSS, SOC 2, HIPAA, CMMC, FedRAMP, etc.) to clients. Deliver comprehensive client deliverables, maintain certifications, and drive client satisfaction through high‑quality service, including occasional U.S. travel.
**Expectations**
- Deliver world‑class compliance assessments and remediation guidance.
- Manage client expectations and relationship across diverse industries.
- Maintain up‑to‑date technical knowledge and certifications.
- Contribute to the growth of the Compliance practice and personal professional development.
- Work collaboratively in team environments on large engagements while meeting strict deadlines.
**Key Responsibilities**
- Conduct gap analyses, control implementation reviews, and risk assessments for security standards and frameworks.
- Prepare detailed deliverables (reports, action plans, executive summaries) and communicate findings to stakeholders ranging from line staff to C‑suite executives.
- Recommend and help implement controls that align with frameworks such as CIS Controls, NIST SP 800‑53/171, ISO 27001, PCI DSS, SOC 2, HIPAA, HITRUST, CMMC/DFARS, FedRAMP, and StateRAMP.
- Perform vulnerability assessments, penetration testing recommendations, and policy reviews as required by standards.
- Participate in client engagements, workshops, and audit preparations.
- Stay current with industry developments, emerging technologies, and evolving regulatory requirements.
- Maintain and renew relevant cybersecurity and audit certifications.
- Contribute to internal knowledge sharing, mentorship, and process improvement initiatives.
**Required Skills**
- Strong analytical and problem‑solving abilities, including proficiency in modern cloud technologies and enterprise architecture.
- Excellent written communication for preparation of formal deliverables.
- Strong verbal communication and facilitation skills for education and stakeholder engagement.
- Ability to work independently, manage multiple priorities, and deliver on deadlines in a fast‑paced environment.
- Demonstrated customer‑focused mindset with ability to work across varying corporate cultures.
- Knowledgeable in operational implementation of compliance controls and frameworks.
- Experience coordinating with cross‑functional teams and managing client relationships.
**Required Education & Certifications**
- Bachelor’s degree in Information Technology, Information Security, or a related field, or equivalent experience.
- Minimum of 2 years of operational experience implementing controls for cybersecurity standards/frameworks.
- At least one industry cybersecurity certification (CISSP, CISA, CISM, GIAC, ISO 27001, or equivalent).
- Preferred: PCI Qualified Security Assessor (PCI) certification and prior consulting experience with cyber‑security standards.