Typically 10+ years relevant consulting and/or industry and functional experience
Description
Will be situational but consultant is recognized, typically through publication or lectures, as a thought leader in their particular area of expertise who offers special, in-depth knowledge of a business area that enhances a client's understanding of a given business challenge or solution.
Principal Duties and Responsibilities:
• Participate in the development and review of a secure coding policy and standard operating manual.
• Will be involved in the review of process and guidelines for code reviews, remediation of code (in-house, COTS, and private) as it pertains to doing a code risk assessment.
• Contributes expertise to help determine requirements and functional specifications for code review risk assessments for the entire organization.
• Works effectively with cross-functional and/or global teams, readily shares information with others
• Possess expert skills in
• Possesses strong security/risk/legal knowledge.
• Knowledge of the GRC aspects of information security subject matter including:
• Knowledge of Secure Code risk assessment design and delivery
• Control assurance design principles and practices
• Information Technology audit practices
• Knowledge of various compliance regulations - PCI, GLBA, SOX, and ISO 27001
• Knowledge of governance, risk, and compliance systems [RSA Archer a plus]
• Problem solving skills
• Excellent communications and collaboration skills
• Process analysis skills
Bachelor's (Technical) or equivalent, industry certification required [CISSP, CRISC, CISA preferred]