Consultant Information Security Compliance
Hopkinton, Massachusetts | Job ID R88367 | Date posted Jan. 19, 2019
Consultant, Information Security and Compliance
Location: Remote United States based
Virtustream, a Dell Technologies business, is the enterprise-class cloud company that is trusted by organizations worldwide to migrate and run their mission-critical applications in the cloud. For enterprises, service providers and government agencies, Virtustream’s xStream® Management Platform and Infrastructure-as-a-Service (IaaS) meets the security, compliance, performance, efficiency and consumption-based billing requirements of complex production applications in the cloud – whether private, public or hybrid.
In this role, the Consultant Security & Compliance will be responsible for supporting the goals, strategy and methodologies related to internal corporate and client-based Audit & Compliance activities. The role will ensure that audit, compliance, and continuous monitoring activities are performed in accordance with the establishment and maintenance of all compliance certification requirements. The role will also be responsible for ensuring operational excellence in the protection and security of corporate assets and client data within the internal cloud environment.
- Minimum of ten (10) years of general and broad-based experience in the Information Technology (IT) field and a minimum of five (5) years in an IT systems audit, internal audit, external auditor, compliance or GRC role
- Direct experience with SSAE18 SOC 1&2, HIPAA, and PCI audits and working knowledge of the following additional compliance frameworks: ISO 27001, CSA CCM, FISMA, HITRUST, NIST 800-53, NIST 800-171, GDPR and FedRAMP.
- Understanding of cloud-based information systems and network architecture
- Strong knowledge of GRC tools (RSA Archer, ServiceNow, GRC, etc.)
- Experience developing or enhancing security policies and procedures
- Working knowledge of virtualization technologies
- Excellent communication skills: writing, presenting and speaking
- Ability to work in a collaborative team environment and travel periodically
Preferred Education and Experience:
- CISSP, CISM, CISA Certification highly preferable
- PCI ISA/PCIP/Former QSA, CIPP/EU, CEH, ITIL Foundations, ISO 27001 Lead Auditor/Implementer
- Bachelor’s Degree or Master’s degree in Information Security, Cyber Security, Risk Management or similar discipline preferred
Roles and Responsibilities:
- Report to the Director, Security and Compliance
- Lead the SSAE18 SOC1&2 (including HIPAA/HITECH/HITRUST and CSA STAR Bolt Ons), PCI-DSS, ISO 27001, NIST 800-53 and other framework audits, audit preparation activities and gap analysis and remediation.
- Design controls, procedures and consult on technology designs and infrastructure management solutions and processes to achieve compliance
- Document and regularly review security policies, processes and procedures
- Create, generate, and update for each audit the Plans of Action and Milestones (POA&M), or Remediation Plans
- Identify root cause issues impacting multiple audit frameworks and present findings to Director and above for support
- Perform continuous monitoring, compliance and assurance activities across the compliance frameworks
- Work with Vulnerability Management Team to make sure required scans are being performed
- Work with operations to make sure remediation and patching activities are being performed in a timely manner
- Disaster Recovery and Business Continuity test exercises and documentation updates
- Security compliance liaison between external sales team and customers and internal teams to assess risk, identify, develop, and enforce policies, procedures and internal controls
- Leverage dashboards or platform specific consoles and repositories including third party security services associated with security processes and tools to represent threats and vulnerabilities in the environment
- Contribute to compliance and security awareness and training activities, materials and training content, including the Virtustream Trust Center
- Assist in ensuring departmental goals are achieved, timelines are met, and service excellence is provided in all aspects of compliance work.
- Work with internal business leaders to understand and prioritize compliance requirements for new product go-to-market, and identify any compliance “barriers to entry” for the product and/or region
- Support sales efforts by responding to security and compliance questions and RFPs, and by joining customer sales calls to address compliance questions and concerns
- Periodic travel required to supervise audit activities or participate in customer sales activities
The successful candidate will:
- Have the ability to work effectively in the high tech, high pressure business culture
- Be dynamic and creative – with a desire to work in a rapidly evolving organization
- Be able to work within a team as well as alone, and have the ability to prioritize and meet deadlines
- Have flexibility and desire to travel, as client assignments require
- Have excellent written and verbal communication skills
- Possess enthusiasm and drive and align with our corporate culture
Dell is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Dell are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Dell will not tolerate discrimination or harassment based on any of these characteristics.