Company: Financial Services
Location: 100% Remote
Title: Senior IT Security Consultant
Start Date: Immediate
Project Length: 6 months (could easily go longer)
Q&A with hiring manager:
Question: Are you expecting a 40-hour week?
Answer: Yes, “1-day” assessments are 20 hours and “2-day” assessments are 40 hours (assumes pre / post call work). Schedule is fluid and based on assessment volume from the client. We are currently averaging 1 assessment per week.
Question: Is there an expected work schedule (e.g. 8:30am – 5:30pm)?
Answer: Schedule is based on the client. But we are looking to utilize this resource full time based on performance (so around 40 hours per week).
Question: Will the clients be on Pacific time or will this be nationwide so multiple time zones?
Answer: Pacific Standard Time for internal client requirements. But the third party assessments may require some flexibility based on their location.
Question: 100% remote?
Answer: Yes, all remote.
Questions: Initial project period?
Answer: 6 months is the initial expectation based on current project length (though could be longer or shorter).
- Obtain third party pre-assessment information from Purchaser
- Follow-up meeting with third-party and Purchaser for missing information/clarifications
- Perform service scoping as necessary with information security or other Purchaser stakeholders
- Draft assessment agenda with finalized scope
- Schedule scoping meetings with third parties, as needed
- Maintain scheduling and assessment findings logs
- Provide regular status reports to Purchaser
- Facilitate sending of questionnaires to in-scope third parties
- Facilitate receipt of completed questionnaires and manage timely responses via agreed upon tool or process
- Review documentation, including questionnaire responses and supporting evidence to commence risk assessment
- Conduct onsite assessment meeting (either 1-day or 2-days onsite)
- Document observations and associated evidence
- Document potential findings and remediation activities in risk summary
- Raise queries with third party contacts, if required
- Finalize draft risk assessment documentation
- Perform quality control and finalize assessment of draft completed documentation package
- Prepare finalized draft assessment reports
- Discuss draft findings, proposed actions and third-party specific insights with Purchaser within 2 weeks of on-site assessment
- Finalize draft detailed and summary reports in agreed upon tool within 2 weeks of discussing draft findings
- Facilitate post-review meeting (as required)
Step 5 (ongoing):
- Update repository of record and third-party risk assessment calendar
- Produce weekly, bi-weekly, and monthly reports
- Prepare and communicate quarterly third-party insights
- Prepare and communicate potential refinements to third party risk assessment requirements and approach (periodic)
For immediate consideration, please email your resume in Word format to Cameron Wall at firstname.lastname@example.org.