Information Security Assessor

Summary

Join RSI Security as an Information Security Assessor, where you will actively contribute to client engagements, ensuring regulatory compliance and providing insightful recommendations. This role demands leading client assessments, improving internal processes, and supporting team efforts to enhance client satisfaction. The ideal candidate possesses self-motivation, thrives in fast-paced environments, and demonstrates a commitment to continuous learning and transparent communication. Responsibilities include assessing security controls and compliance, advising clients on assessment preparation, providing technical writing support, collaborating with sales and marketing, and contributing to internal process improvements. A bachelor's degree in Computer Science or equivalent, along with specific experience and certifications, is required. The position offers the opportunity to work with a trusted leader in cybersecurity compliance and assessment.

Requirements

• Bachelor’s degree in Computer Science or equivalent education required
• Training or hands-on experience in at least one major cloud platform (AWS, Azure, or Google Cloud) required
• 5+ years of IT experience total required; having 3+ years’ experience specifically in cyber security required
• At least 2 active certifications required from the following: CISA, CISM, or CISSP
• Ability to support upselling and pre-sales by identifying client needs and contributing to value-driven solutions
• Demonstrated ability to interface and collaborate with executive leadership required
• Demonstrated ability to lead complex projects and engagements and get consistent on-time results that meet expectations required
• Demonstrated strong interpersonal and communication skills to develop and maintain relationships with clients and colleagues required
• Working technical knowledge of software development, cloud computing and network architecture required

Responsibilities

• Assess the security controls and regulatory compliance of a client organization (~50% of the time) – By properly scoping and understanding the client environment, business processes, people and technologies, determining compliance requirements and then assessing if the client organization can demonstrate the compliance through clear evidence that is observed, reviewed and tested. Afterwards, drafts a compliance report that outlines how the company has met compliance requirements for the company’s applicable regulations
• Act as an advisor to a client organization in preparation for an assessment (~25% of the time) – Guiding the client to properly prepare for controls and/or compliance audit through proper scoping and identifying sensitive data, how it is managed, determine what the requirements are needed to implement controls, perform gap analysis and generate a report outlining action items to take and policies to develop to be ready for an assessment
• Provide technical writing to a client organization (~5% of the time) – Leads, contributes and delegates technical writing for a client who does not have policies and procedures created to meet compliance requirements. Reviews work and provides feedback if the work is delegated to an Analyst and finalizes to share with the client
• Partner with the Sales and Marketing team (~10% of the time) – Provides pre-sales meeting support and helps the sales team to create proposals for a client by understanding the client’s business, security requirements, regulatory requirements, and identifying complexities. Contributes to marketing efforts, including sitting on a panel as part of a webinar and writing blogs on relevant subjects
• Contribute to internal process improvements & Continuous education (~10% of the time) – Is an active contributor to internal project tasks at RSI, providing improvements to processes to maintain the highest level of efficiency and help productize RSI’s services. Stays abreast of the latest cyber security and compliance changes with 40 hours per year of CPE

Preferred Qualifications

• Active security assessor certification; PCI-DSS or HITRUST (Preferred)
• Experience working with a PSA tool, such as Asana, Oracle NetSuite, Mavenlink, or Sage preferred