Consultant - Risk & Security Assessments (Lead Level)

About the job

Job Summary:

We are seeking a detail-oriented and analytical Risk & Security Consultant to support and lead information security assessments across enterprise environments. This role will focus on identifying, evaluating, and mitigating security risks through structured assessments and consulting engagements. Depending on experience, this position can be scoped as Junior Lead Consultant or Lead Consultant, with increasing responsibility over project delivery, client engagement, and team mentoring.

The ideal candidate will bring a solid foundation in IT risk, cybersecurity frameworks, and control evaluation, along with strong interpersonal and documentation skills.

Key Responsibilities:

  • Conduct risk and security assessments across applications, infrastructure, third-party vendors, and internal controls.
  • Evaluate and document risk exposure, security posture, and compliance against established frameworks (e.g., ISO 27001, NIST, CIS, COBIT).
  • Prepare detailed assessment reports, including identified risks, control gaps, and actionable recommendations.
  • Support the development and implementation of risk mitigation strategies and remediation plans.
  • Collaborate with cross-functional teams including IT, legal, compliance, and business stakeholders to understand and align security requirements.
  • Lead or contribute to the planning and execution of security assessments, audits, and readiness reviews.
  • Stay up to date with current threat landscapes, emerging risks, and relevant regulatory changes.
  • Support the preparation of risk dashboards and management reports.

Qualifications:

  • Bachelor's degree in Information Security, Computer Science, Information Systems, or a related field.
  • 4-7 years of experience in information security, IT audit, or risk management roles.
  • Strong knowledge of risk and control frameworks such as ISO 27001, NIST, SOC 2, PCI DSS, or similar.
  • Experience in performing or leading security assessments, audits, or third-party risk reviews.
  • Familiarity with governance, risk, and compliance (GRC) tools is an advantage.
  • Excellent written and verbal communication skills with the ability to present technical findings to non-technical audiences.
  • Detail-oriented and highly organized, with the ability to manage multiple assessments simultaneously.

Preferred Certifications:

  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified in Risk and Information Systems Control (CRISC)
  • ISO 27001 Lead Implementer / Lead Auditor
  • CompTIA Security+ or an equivalent foundational certification