Senior Security Consultant - Cyber Risk & Compliance
Cyderes (Cyber Defense and Response) is a pure-play, full life-cycle cybersecurity services provider with award-winning managed security services, identity and access management, and professional services designed to manage the cybersecurity risks of enterprise clients. We specialize in multi-technology, complex environments with the in speed and agility needed to tackle the most advanced cyber threats. We leverage our global scale and decades of experience to accelerate our clients’ cyber outcomes through a full lifecycle of cybersecurity services. We are a global company with operating centers in the United States, Canada, the United Kingdom, and India.
About the Role:
As a Senior Security Consultant, you will lead complex engagements across SRC, Cloud & DPA service lines. You’ll work closely with clients to evaluate security controls, provide advisory on risk and compliance obligations, and deliver detailed, actionable recommendations. You’ll assess hybrid technology environments including public cloud (AWS, Azure, GCP), SaaS platforms, and data protection strategies.
This role requires a balanced skill set: the ability to map frameworks like NIST CSF, ISO 27001, and GDPR to real-world controls, and the technical credibility to analyze cloud configurations, IAM posture, and data lifecycle protections.
Responsibilities:
Lead customer engagements and project execution providing information security consultation and assessment services, helping our clients meet their compliance obligations by evaluating their business, technology, and operations against industry security standards.
Provide clear, organized findings and recommendations to clients and tracking progress towards resolution and compliance.
Develop strategic, operational, and tactical recommendations tailored to each customer with the intent to improve a customer's security posture and compliance position.
Create detailed strategic security roadmaps with short-term, mid-term, and long-term goals that prioritize remediation recommendations and address all instances of non-compliance with applicable regulatory, statutory, contractual, and organizational obligations.
Lead large security engagements in concert with other cybersecurity practices.
Assess cloud security architecture, including IAM, encryption, logging, data residency, and workload security.
Develop security policies, standards, and procedures that are custom-tailored to each customer's unique culture, security goals, and organizational objectives using industry best practices and compliance requirements.
Review, analyze, and assess key factors, including inherent risk, mitigating controls, business impact, likelihood, and other key elements to determine organizational security risk.
Work with other Security Consultants in a collaborative setting to support and assist on the execution and delivery of key services such as vCISO Services, security program development, documentation review, and security consulting services.
Assist the CRC-Advisory practice lead in pre-sales activities, leading scoping discussions for PCI proposals, along with other frameworks and services.
Delivery of client engagements to a high-quality, work would cover ISMS development, assisting companies gain ISO27001 certification, PCI-DSS compliance, NIST CSF, other areas of Governance, Risk and Compliance as required
Requirements:
PCI QSA Certification is a must.
Previous professional experience providing consultative services with industry standards such as NIST CSF, NIST 800-53, NIST 800-171, NIST RMF, CMMC, ISO 27001,HIPAA, HITRUST, SOC 2 Type 2, CIS, CCPA, GDPR
Familiarity with cloud security frameworks and cloud-native security services in AWS, Azure, or GCP.
Strong understanding of data protection principles, including data classification, retention, and secure disposal.
Strong professional expertise in information security with the ability to thoroughly understand complex principles and apply them practically.
Comfortably present security concepts and/or findings to both highly technical and entirely non-technical audiences.
Ability to manage multiple tasks and responsibilities, work alone or in small teams, achieve established goals and objectives, and communicate progress in a timely manner.
Must be analytical, innovative, possess a strong sense of attention to detail.
Strong cross-functional team participant and collaborative approach to problem-solving.
Strong verbal and written communication skills, organizational skills, and attention to detail.
Desire to grow the business by identifying up-sell opportunities with existing and potential clients.
Ability to be flexible and embrace change.
Self-motivated and self-directed.
Self-starter with the ability to manage their own tasks into a larger project or program effort.
Cyderes is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to race, religion, color, sex, age, disability, sexual orientation, genetic information, national origin, or veteran status.
Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position.
Senior Security Consultant - Cyber Risk & Compliance
Cyderes (Cyber Defense and Response) is a pure-play, full life-cycle cybersecurity services provider with award-winning managed security services, identity and access management, and professional services designed to manage the cybersecurity risks of enterprise clients. We specialize in multi-technology, complex environments with the in speed and agility needed to tackle the most advanced cyber threats. We leverage our global scale and decades of experience to accelerate our clients’ cyber outcomes through a full lifecycle of cybersecurity services. We are a global company with operating centers in the United States, Canada, the United Kingdom, and India.
About the Role:
As a Senior Security Consultant, you will lead complex engagements across SRC, Cloud & DPA service lines. You’ll work closely with clients to evaluate security controls, provide advisory on risk and compliance obligations, and deliver detailed, actionable recommendations. You’ll assess hybrid technology environments including public cloud (AWS, Azure, GCP), SaaS platforms, and data protection strategies.
This role requires a balanced skill set: the ability to map frameworks like NIST CSF, ISO 27001, and GDPR to real-world controls, and the technical credibility to analyze cloud configurations, IAM posture, and data lifecycle protections.
Responsibilities:
Lead customer engagements and project execution providing information security consultation and assessment services, helping our clients meet their compliance obligations by evaluating their business, technology, and operations against industry security standards.
Provide clear, organized findings and recommendations to clients and tracking progress towards resolution and compliance.
Develop strategic, operational, and tactical recommendations tailored to each customer with the intent to improve a customer's security posture and compliance position.
Create detailed strategic security roadmaps with short-term, mid-term, and long-term goals that prioritize remediation recommendations and address all instances of non-compliance with applicable regulatory, statutory, contractual, and organizational obligations.
Lead large security engagements in concert with other cybersecurity practices.
Assess cloud security architecture, including IAM, encryption, logging, data residency, and workload security.
Develop security policies, standards, and procedures that are custom-tailored to each customer's unique culture, security goals, and organizational objectives using industry best practices and compliance requirements.
Review, analyze, and assess key factors, including inherent risk, mitigating controls, business impact, likelihood, and other key elements to determine organizational security risk.
Work with other Security Consultants in a collaborative setting to support and assist on the execution and delivery of key services such as vCISO Services, security program development, documentation review, and security consulting services.
Assist the CRC-Advisory practice lead in pre-sales activities, leading scoping discussions for PCI proposals, along with other frameworks and services.
Delivery of client engagements to a high-quality, work would cover ISMS development, assisting companies gain ISO27001 certification, PCI-DSS compliance, NIST CSF, other areas of Governance, Risk and Compliance as required
Requirements:
PCI QSA Certification is a must.
Previous professional experience providing consultative services with industry standards such as NIST CSF, NIST 800-53, NIST 800-171, NIST RMF, CMMC, ISO 27001,HIPAA, HITRUST, SOC 2 Type 2, CIS, CCPA, GDPR
Familiarity with cloud security frameworks and cloud-native security services in AWS, Azure, or GCP.
Strong understanding of data protection principles, including data classification, retention, and secure disposal.
Strong professional expertise in information security with the ability to thoroughly understand complex principles and apply them practically.
Comfortably present security concepts and/or findings to both highly technical and entirely non-technical audiences.
Ability to manage multiple tasks and responsibilities, work alone or in small teams, achieve established goals and objectives, and communicate progress in a timely manner.
Must be analytical, innovative, possess a strong sense of attention to detail.
Strong cross-functional team participant and collaborative approach to problem-solving.
Strong verbal and written communication skills, organizational skills, and attention to detail.
Desire to grow the business by identifying up-sell opportunities with existing and potential clients.
Ability to be flexible and embrace change.
Self-motivated and self-directed.
Self-starter with the ability to manage their own tasks into a larger project or program effort.
Cyderes is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to race, religion, color, sex, age, disability, sexual orientation, genetic information, national origin, or veteran status.
Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position.