Company: Financial Services
Location: 100% Remote
Title: Senior IT Security Consultant
Start Date: Immediate
Project Length: 6 months (could easily go longer)
Q&A with hiring manager:
Question: Are you expecting a 40-hour week?
Answer: Yes, “1-day” assessments are 20 hours and “2-day” assessments are 40 hours (assumes pre / post call work). Schedule is fluid and based on assessment volume from the client. We are currently averaging 1 assessment per week.
Question: Is there an expected work schedule (e.g. 8:30am – 5:30pm)?
Answer: Schedule is based on the client. But we are looking to utilize this resource full time based on performance (so around 40 hours per week).
Question: Will the clients be on Pacific time or will this be nationwide so multiple time zones?
Answer: Pacific Standard Time for internal client requirements. But the third-party assessments may require some flexibility based on their location.
Question: 100% remote?
Answer: Yes, all remote.
Question: Initial project period?
Answer: 6 months is the initial expectation based on current project length (though could be longer or shorter).
Step 1:
- Obtain third-party pre-assessment information from Purchaser
- Follow-up meeting with third-party and Purchaser for missing information/clarifications
- Perform service scoping as necessary with information security or other Purchaser stakeholders
- Draft assessment agenda with finalized scope
- Schedule scoping meetings with third parties, as needed
- Maintain scheduling and assessment findings logs
Step 2:
- Provide regular status reports to Purchaser
- Facilitate sending of questionnaires to in-scope third parties
- Facilitate receipt of completed questionnaires and manage timely responses via agreed-upon tool or process
Step 3:
- Review documentation, including questionnaire responses and supporting evidence to commence risk assessment
- Conduct onsite assessment meeting (either 1 day or 2 days onsite)
- Document observations and associated evidence
- Document potential findings and remediation activities in risk summary
- Raise queries with third party contacts, if required
- Finalize draft risk assessment documentation
Step 4:
- Perform quality control and finalize assessment of draft completed documentation package
- Prepare finalized draft assessment reports
- Discuss draft findings, proposed actions and third-party specific insights with Purchaser within 2 weeks of on-site assessment
- Finalize draft detailed and summary reports in agreed-upon tool within 2 weeks of discussing draft findings
- Facilitate post-review meeting (as required)
Step 5 (ongoing):
- Update repository of record and third-party risk assessment calendar
- Produce weekly, bi-weekly, and monthly reports
- Prepare and communicate quarterly third-party insights
- Prepare and communicate potential refinements to third-party risk assessment requirements and approach (periodic)
For immediate consideration, please email your resume in Word format to Cameron Wall at cwall@ifgpr.com.