Senior Information Security (Analyst – Consultant) Strategic Services job opportunity at Tevora.

Home Jobs In United States Of America Tag: Consulting – Enterprise Risk Management Senior Information Security (Analyst – Consultant) Strategic Services position at Tevora


bot
Tevora Senior Information Security (Analyst – Consultant) Strategic Services
Experience: 2 Years
Pattern: hybrid
Country:
apply Apply Now
Salary:
Status:

Consulting,Enterprise Risk Management

Copy Link Report
degreeBachelor's (B.Sc.)
loacation Fairfax, VA, United States Of America
loacation Fairfax, VA....United States Of America

Senior Information Security (Analyst – Consultant) Strategic Services Fairfax, VA or Irvine, CAIf you haven't heard of Tevora, it's because we've done our job!Tevora is a tight-knit community of professionals with a shared passion for our craft. Every day, we combine in-depth knowledge of cybersecurity, technology, and compliance to help create more secure digital environments. To Tevorans, every problem is a puzzle in need of solving. We strongly believe that if we put smart, driven people in a room together, they will accomplish great things. We maintain a supportive culture that celebrates continuous learning, diverse perspectives, and sharing the wins. That's why we have our eyes on you.What's the role?The Senior Information Security Analyst is a pivotal client-facing role responsible for delivering expert assessment and solution implementation services to external organizations. This position involves evaluating client environments across operational IT, information security, privacy, and IT service management disciplines. The Senior Analyst identifies critical gaps, develops strategic roadmaps, and designs programs for enhanced maturity, resilience, and efficient service delivery. Acting as a trusted advisor, the Senior Analyst guides Tevora clients through complex challenges, facilitating the adoption of industry best practices and solutions aligned with industry-recognized frameworks for IT Service Delivery and Management, Information Security, and Privacy.A day in the life could include\nClient Engagements and Program Development:Lead and support various client engagements, including Enterprise Risk Assessments, Privacy Impact Assessments, and Risk /Privacy / Program Buildouts.Facilitate collaborative assessment processes such as scoping, leading client interviews/workshops, and ensuring open dialogue and understanding of client-specific challengesManage client expectations and ensure project deliverables align with their business objectives and regulatory requirementsRisk and Privacy Expertise:Perform comprehensive point-in-time assessments of client cybersecurity posture against industry standards and frameworks (e.g., NIST CSF 2.0, CIS Critical Security Controls)Conduct maturity assessments across various domains, including IT Risk Management, IT Service Management, and specific security controlsEvaluate critical platforms and tool use cases, assessing their effectiveness and alignment with client needs and best practicesIdentify security gaps, vulnerabilities, and control weaknesses through documentation review, interviews with key personnel, and observation of operational processesAssess client compliance with relevant laws, regulations, and contractual obligations, including PII, PHI, and IP considerations, specifically HIPAA and PCI DSSDesign and implement enterprise-wide IT risk management programs based on NIST principles, integrating cybersecurity risk with overall enterprise risk management (ERM)Establish risk governance structures, define roles and responsibilities, and develop risk management strategies for clientsDevelop and implement policies and procedures related to application security, data protection, and privacyCreate roadmaps for program implementation, such as Technical Impact Analysis (TIA) programs, including stakeholder engagement, data collection, and continuous improvementCollaboration & Leadership:Prepare comprehensive assessment reports, compliance narratives, and strategic roadmaps for executive and technical client stakeholdersPresent complex technical and risk information clearly and concisely to diverse client audiences, supporting informed decision-makingEnsure all findings, recommendations, and program documentation are auditable and support client compliance requirementsEngage effectively with both internal and external stakeholders, including client project managers, client leadership, internal managers, and junior team members, to ensure alignment and successful project outcomes.Facilitate cross-functional communications with other team members and departments, fostering collaboration and knowledge sharing.Necessary skills and qualifications:Bachelor's degree in information security or related discipline Technical Expertise: Proficiency In IT Risk Management frameworks (e.g., NIST RMF, NIST CSF 2.0) and knowledge of up to two of the following industry frameworks and regulations CCPA/CPRA, GDPR, NIST Privacy, NIST RMF, PCI, ISO, HIPAA Strong knowledge of cybersecurity controls, vulnerability management, identity and access management, detection and response, product security, and security operations, including CIS Critical Security Controls Ability to synthesize complex technical and business information, identify patterns, and develop actionable recommendations Excellent written and verbal communication skills, with the ability to present detailed technical and analytical findings clearly and concisely to both technical and non-technical audiences, including executive leadership, project managers, and technical teams. Proven ability to tailor communication style and content to different audiences, from junior staff to senior management, both internally and externally. Advanced capability in performing various types of assessments (point-in-time, maturity, risk, technical) and integrating findings from multiple sources Hold current standing with at least one industry relevant certifications, such as CISM, CISA, CRISC, CISSP Ability to coordinate and manage multiple priorities in a fast-paced environment, working both independently and collaboratively Ability to travel up to 10% for client-related or internal-related activities as neededBonus Points:At least 2 years’ experience in a client-facing role (e.g., consulting or external auditor)Experience operating industry-relevant tools (e.g., GRC platforms, and other privacy and risk management solutions such as BigID, OneTrust, etc.) Familiarity with Artificial Intelligence (AI) Risk Management (AI RMF), AI Governance, and AI SecurityWe've got you covered!Comprehensive benefits including: Medical, Dental, Vision & Basic Life InsurancePaid Vacations, Sick Time, & Holidays401 (k) with discretionary company matchVibrant work cultureAdditional requirements:Eligibility to work in the United States.\n$105,000 - $140,000 a yearDepending on Experince \nEEOC StatementTevora is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, disability status, or other applicable legally protected characteristics.

Other Ai Matches

SalesForce Administrator Applicants are expected to have a solid experience in handling Operations – Information Technology related tasks
Cybersecurity Internship Summer 2026- Threat Applicants are expected to have a solid experience in handling Consultant Development Program – CDP Threat related tasks
Project Coordinator Applicants are expected to have a solid experience in handling Consulting Operation – Project Management Office related tasks
remote-jobserver Remote
Senior Account Director Applicants are expected to have a solid experience in handling Sales – West related tasks
remote-jobserver Remote
Technical Payments Consultant (QSA) Applicants are expected to have a solid experience in handling Consulting – Payments related tasks
remote-jobserver Remote
Account Director Applicants are expected to have a solid experience in handling Sales – East related tasks
remote-jobserver Remote
Account Director Applicants are expected to have a solid experience in handling Sales – East related tasks
remote-jobserver Remote
Account Director Applicants are expected to have a solid experience in handling Sales – TOLACentral related tasks
remote-jobserver Remote
Senior Pre-Sales Security Architect Applicants are expected to have a solid experience in handling Sales – Pre- Sales related tasks
remote-jobserver Remote
Senior Pre-Sales Security Architect Applicants are expected to have a solid experience in handling Sales – Pre- Sales related tasks
Marketing Events Coordinator - East Applicants are expected to have a solid experience in handling Operations – Marketing related tasks
remote-jobserver Remote
Account Director Applicants are expected to have a solid experience in handling Sales – East related tasks
Cybersecurity Internship Summer 2026- Solutions Applicants are expected to have a solid experience in handling Consultant Development Program – CDP Solutions related tasks
remote-jobserver Remote
Senior Account Director Applicants are expected to have a solid experience in handling Sales – West related tasks
Talent Acquisition & People Ops Generalist Applicants are expected to have a solid experience in handling Operations – Human Resources related tasks
remote-jobserver Remote
Account Director Applicants are expected to have a solid experience in handling Sales – East related tasks
Senior Information Security (Analyst – Consultant) Strategic Services Applicants are expected to have a solid experience in handling Consulting – Enterprise Risk Management related tasks
Cybersecurity Internship Summer 2026 - Enterprise Risk Management Applicants are expected to have a solid experience in handling Internship related tasks
Marketing Events Coordinator - West Applicants are expected to have a solid experience in handling Operations – Marketing related tasks