Information Security Assessor

San Diego, CA, United States

THIS IS A REMOTE, WORK-FROM-HOME POSITION.

The starting salary range is 100k-125k based on your experience, education, and skills. There is also bonus potential for this position.

RSI Security is a small organization where collaboration is not only encouraged, but expected. We value relationships within our team and are intentional to build and maintain a strong team camaraderie through virtual happy hours, daily morning meetings to help us start off on the right foot, and meetings dedicated solely to professional development topics to help us develop and grow together.

Our employees receive a competitive compensation package and enjoy various benefits such as:

Unlimited flex vacation

10 paid holidays

Paid parental leave

401k 100% match

Medical, Dental, and Vision plans

FSA

Short term disability

and more!

For more information on RSI Security, please visit our website - www.rsisecurity.com or our social media RSI Security LinkedIn

As the Information Security Assessor, you will work closely with clients to assess and validate a variety of organizations security controls and regulatory compliance as well as provide advisory support and recommendations on how to remediate possible gaps and issues to meet compliance and regulatory standards.

This role will have the opportunity to lead clients engagements as well as contribute to internal process improvements to provide the team with the best resources and structure to delight our clients.

The ideal person for this role is self-motivated, is energized by continuously learning and the fastpaced world of cyber security, and believes that the ultimate way to care for their colleagues and clients is to be an active listener, exhibit compassion and also provide transparent and actionable feedback and insights with the highest level of attention to detail and review.

What are the 5 most important abilities/functions needed to accomplish?

Assess the security controls and regulatory compliance of a client orgnization (~50% of the time) – By properly scoping and understanding the client envionrment, business processes, people and technologies, determining compliance requirements and then assessing if the client organization can demonstrate the compliance through clear evidence that is observed, reviewed and tested. Afterwards, drafts a compliance report that outlines how the company has met compliance requirements for the company’s applicable regulations.

Act as an advisor to a client organization in preparation for an assessment (~25% of the time) – Guiding the client to properly prepare for controls and/or compliance audit through proper scoping and identifying sensitive data, how it is managed, determine what the requirements are needed to implement controls, perform gap analysis and generate a report outlining action items to take and policies to develop to be ready for an assessment.

Provide technical writing to a client organization (~5% of the time) – Leads, contributes and delegates technical writing for a client who does not have policies and procedures created to meet compliance requirements. Reviews work and provides feedback if the work is delegated to an Analyst and finalizes to share with the client.

Partner with the Sales and Marketing team (~10% of the time) – Provides pre-sales meeting support and helps the sales team to create proposals for a client by understanding the client’s business, security requirements, regulatory requirements, and identify complexities. Contributes to marketing efforts, including sitting on a panel as part of a webinar and writing blogs on relevant subjects.

Contribute to internal process improvements & Continuous education (~10% of the time) – Is an active contributor to internal project tasks at RSI, providing improvements to processes to maintain the highest level of efficiency and help productize RSI’s services. Stays abreast of the latest cyber security and compliance changes with 40 hours per year of CPE.

Attributes and behaviors necessary to do a great job?

Is a trusted advisor and consultant to their clients, who approaches engagements and issues with a balance of logically analyzing the possibilities and potential issues to make thoughtful and insightful decisions and recommendations. Doesn’t jump to conclusions, isn’t grounded to any one idea, and always seeks input from others and stays on top of the latest technology advancements and marry that with RSI Security’s approach and process.

Learning is a lifestyle, understanding that technology constantly evolves and is hungry and thirsty to learn new changes and new knowledge as the landscape of security threats changes so quickly. Is not afraid to step outside of their comfort zone and learn new systems, techniques, tools and processes.

Excellent communication skills including written and verbal, with strong interpersonal skills, who can build trust and credibility with clients and their teams. Is a good active listener to make sure what was said and what was heard are aligned.

Expresses emotional intelligence by communicating empathetically and connects easily with others. Approaches clients with compassion about the challenges or stress they are going through and has a quiet confidence when approaching situations but also knows seeking different perspectives and ideas is the key to a well rounded decision making process.

Skilled team player who understands the importance of collaboration and enjoys brainstorming with colleagues and team members for maximized success.

Impeccable attention to detail and understands that small oversights can results in big breakdowns or problems down the road.

Self motivation, where quality is paramount with a high degree of accountability and high sense of urgency to drive things forward.

Essential skills & experience required? What are preferred?

Bachelor’s degree inComputer Scienceorequivalent education required

Completion of training in the following areas - Google, AWS, Azure required

5+ years of IT experience total required ; having 3+ years’ experience specifically in cyber security required

At least 2 active certifications; CISA, CISM and CISSP required

At least 1 active Qualified Security Assessor certification; HITRUST or PCIDSS QSA preferred but not required

Demonstrated ability to interface and collaborate with executive leadership required

Demonstrated ability to lead complex projects and engagements and get consistent on-time results that meet expectations required

Demonstrated strong interpersonal and communication skills to develop and maintain relationships with clientsand colleagues required

Working technical knowledge of software development, cloud computing and network architecture required

Intermediate to advanced working skills with various office equipment, computers and various programs including MS Word, PowerPoint, Excel required

Experience working with a PSA tool, such as Asana, Oracle NetSuite, Mavenlink, or Sage preferred

Experience with Google Office Suite a plus

Culture-fit? What do they have to do to be a good culture-fit? What values should they have?

RSI Security is the nation’s premier cybersecurity and compliance provider, dedicated to helping organizations achieve risk-management success.

Our foundation is built on systemization and we attribute our achievements as a team to being process driven, data driven and documentation driven.

We believe that “Our Success is in Securing Yours” and we believe that for both our clients as well as our team, and have dedicated our core values to that, SUCCEED. We succeed by having a people first mindset- creating trusting relationships with our clients and colleagues that is based on transparency, and challenging each other to be better, think differently, and consider different ideas to come up with the right solution.

WIIFM (What’s in it for me? Why should I be interested if I’m your ideal candidate? What is the opportunity? The sizzle?)

RSI Security is a small, tight knit organization where collaboration is not only encouraged, but expected. We value relationships within our team, and are intentional to build and maintain a strong team camaraderie through virtual happy hours, daily morning meetings to help us start off on the right foot, and meetings dedicated solely to professional development topics to help us develop and grow together.

This opportunity will offer the right individual:

The opportunity to have a positive impact on the clients we serve through thoughtful and proven processes.

Access to working with a team of exceptional technical professionally who challenge one another to find the right support for our clients and develop and grow each other personally and professionally.

The opportunity to join a team of Warriors, who all have the same values and commitment to approaching cyber security threats and problems, and believes that “WE” is greater than “I”.

Supervisory Responsibility:

This position has no supervisory responsibility: will manage projects, processes,and deliverables

Position Type/Expected Hours of Work:

This is a full-time, salaried position, and regular hours of work and days to be worked are Monday through Friday, 8:00 a.m. to 5 p.m.; however, this position can irregularly be required to work long hours and infrequent weekend work depending on the needs of the business.

Additional Eligibility Qualifications:

Must have an active driver’s license. Must submit to a background check as a contingency for the position.

Work Authorization/Security Clearance(if applicable):

Must be authorized to work in the United States. Each candidate is required to comply with federal and local laws and authorization will be checked through E-verify.

#J-18808-Ljbffr