Principal Consultant - GRC/Security

Atmosera empowers businesses to Redefine Possible with Modern Technology and Human Expertise. Our exceptional experience across Applications, Data & AI, DevOps, Security, and the Microsoft Azure platform enables organizations to accelerate innovation, enhance security, and optimize operational agility. As a Microsoft Partner with nine specializations, GitHub AI Partner of the Year, a member of the GitHub Advisory Board, and a member of the prestigious Microsoft Intelligent Security Association (MISA), Atmosera expertly delivers cutting-edge, integrated solutions that deliver business value.

As a Principal Consultant on our Professional Services team, you'll be considered a Compliance Advisory subject matter expert (SME) with an ability to evaluate/assess the security and compliance of client firms/services against regulatory and industry requirements and standards, and against security best practice frameworks, etc. You will also need to be able to go hands-on, potentially implementing such recommendations, if needed.

The Principal Consultant (SME) is expected to leverage their technical and business experience across three (3) domains, including:

1. Evaluate and enhance the security of complex systems that may impact both risk and compliance for organizations, large and small.

2. Mentor and develop team members to help grow the team and its capabilities

3. Engage outwardly into the community through blog posts, technical white papers, forum participation, and conference speaking engagements. Engage inwardly to support business and practice growth by developing Sales/Marketing collateral, delivery methodologies, and SOPs, train/mentor colleagues as necessary, and serve as the SME for all topics related to your technical or compliance area of expertise

• Work with and mentor team members to drive customer success.
• Scope and lead engagements with clients. This includes leading pre-sales calls and onsite visits, understanding customer security and compliance requirements and environments, and proposing and delivering packaged offerings or custom solution engagements.
• Develop technical content, such as security plans, procedures, policies, and white papers that can be used by our clients to assist them in elevating/building out their security and compliance programs.
• Lead delivery engagements, including potential on-site projects, working with clients to build out compliance roadmaps, architecture guidance, gap assessments, etc.
• Translate and implement industry-standard GRC requirements into Azure and Microsoft 365 controls.
• Collaborate with Professional Services team members and sales teams to convey partner and customer feedback.
• Serve as the practice subject matter expert (SME) for escalations, sales/marketing support, driving practice profitability and revenue.
• Provide Delivery Team Support, including identifying process improvements, training Delivery personnel on methodologies/tools and quality topics, and mentoring Delivery personnel.
• Development of industry-wide service line thought leadership through:
• Authoring: methodologies, templates, white papers, work instructions, guidelines, forms, tools
• Developing and delivering industry-specific training, including speaking/presenting at conferences, creating webinars
• Support management of client satisfaction at all phases of the client relationship.
• Ensure continuous professional development by maintaining industry-specific certifications.
• Maintain a strong depth of knowledge in the practice area.
• Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.
• Establish account relationships and identify upsell and cross-sell opportunities and escalate to sales

• 7+ years of experience in an IT security audit, assessment, compliance, risk management, or data privacy role.
• Knowledge and awareness of the latest information risk, security, and compliance innovations, trends, challenges, and solutions.
• Knowledge of strategy, privacy, risk standards/frameworks, and professional practices (NIST, ISO, CIS Top 20, ISSA, CSA CMM, Privacy by Design, FAIR, etc.).
• Knowledge of the typical enterprise risk and security operational practices.
• Knowledge of information security-related solutions, tools, and utilities.
• Experience in strategy development, setting direction for team members, influencing both internally and externally.
• Experience building common compliance frameworks as well as mapping between different compliance requirements.
• Experience securing cloud-based infrastructure, including secure operating systems, firewalls, and database lockdowns.
• Demonstrated breadth of security expertise in various subdomains such as encryption, identity, incident response, etc.
• Knowledge of Identity Access Management design and implementation patterns.
• Experience with risk assessment methodologies and risk reporting for executive leadership.
• Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience.
• 7+ years of experience working with one or more of the following:
• Payment Card Industry (PCI) Council's Payment Card Industry Data Security Standard (PCI DSS)
• ISO/IEC 27001:2022 and ISO/IEC 2702:2022
• ISO 9001:2015
• System and Organization Controls (SOC) 2
• National Institute of Standards and Technology (NIST) frameworks (800 series)
• HITRUST framework
• Health Insurance Portability and Accountability Act (HIPAA)
• Health Information Technology for Economic and Clinical Health Act (HITECH)
• Bachelor's Degree in Computer Science, Information Systems Management, Information Security, Business or equivalent experience required.
• CISSP
• CISM or CISA
• In addition, depending on the framework(s) you will be supporting you must have one or more of the following:
• ISO: ISO/IEC 27001 Lead Auditor/Implementer
• Certified CSF Practitioner (CCSFP)
• PCI: Qualified Security Assessor (QSA)

• Azure certification(s).
•  CRISC or related certification
• CCSK certification
• Big Four Advisory/Consulting Experience (Deloitte, EY, PwC, Accenture, etc.)

We value our employees and are committed to providing a comprehensive and competitive benefits package designed to support your well-being and financial security. Here's what you can look forward to:

Financial Security & Growth:

 Competitive Salary: We offer competitive salaries commensurate with experience and skills.

 Generous 401(k) Plan: Secure your financial future with our generous 401(k) plan, featuring a 100% company match on your contributions up to 4% of your salary! This is a fantastic opportunity to build your retirement savings with our support.

 Performance-Based Compensation: Your hard work and dedication will be recognized and rewarded through our performance-based compensation program, which includes bonus potential in addition to your base salary.

Health & Well-being:

 100% Employer-Paid Health, Vision, and Dental Insurance for employees: Say goodbye to expensive premiums! We cover 100% of the cost of your health, vision, and dental insurance premiums, saving you potentially thousands of dollars each year. Focus on your health, not your healthcare costs.

 Company-Paid Life, AD&D, Short and Long-Term Disability Insurance: We provide company-paid life, accidental death & dismemberment, and short- and long-term disability insurance to protect you and your family.

Time Off & Work-Life Balance:

 Generous Paid Time Off (PTO): Enjoy a healthy work-life balance with three weeks of paid time off, allowing you to relax, recharge, and pursue your personal interests. This flexible PTO can be used for vacation, personal time, or sick leave.

 11 Paid Holidays: We observe 11 paid holidays throughout the year, giving you additional time to spend with family and friends.

 Community Service Leave: We believe in giving back to the community and offer paid time off for you to volunteer with organizations that are meaningful to you.

Additional Perks & Recognition:

 Employee Recognition and Reward Program: We celebrate and reward outstanding performance and contributions through our employee recognition program. We value your dedication and are committed to showing our appreciation.

This is a full-time position in the United States with the ability to work from home, or from one of our many US offices if local.

Atmosera is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. All employment is decided on the basis of qualifications, merit, and business need.