Protiviti (www.protiviti.com) is a global business consulting and internal audit firm composed of experts specializing in risk and advisory services. The firm helps clients solve problems in finance, operations, technology, litigation, governance, risk, and compliance. Protiviti's highly trained, results-oriented professionals serve clients in the Americas, Asia-Pacific, Europe and the Middle East and provide a unique perspective on a wide range of critical business issues.
Protiviti has more than 60 locations worldwide and is a wholly owned subsidiary of Robert Half International Inc. (NYSE symbol: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index.
ITEC * SECURITY PROGRAM MANAGEMENT
Protiviti*s Security Program Management professionals help organizations understand and address IT security and privacy issues.
As business became increasingly connected, it is critical for them to view information security and privacy as business issues - not just IT issues. Security threats and privacy exposures exist for every organization. Dealing with them effectively will provide a stable operating environment and offer a platform for competitive advantage and revenue growth.
Our consultants provide a wide variety of security and privacy program development, architecture and design, evaluation and compliance, incident response, and transformation services to help your organization fully understand its security and privacy risks as well as prevent or respond to them.
The following statements are intended to describe the general nature and level of work being performed. This is not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel.
The Senior Consultant has primary responsibility for direct supervision of Consultants in developing and executing Information Security project work plans. The Senior Consultant has direct, client-facing engagement responsibilities. Serving as both role model and trainer, the Senior Consultant demonstrates the attributes of excellent client service and assists team members in developing technical and professional competency. The Senior Consultant learns to identify areas of IT risk in the client environment and opportunities to help them to improve information security, and business processes.
REQUIRED GENERAL KNOWLEDGE & SKILLS
Prior project management and supervisory skills ideal
Ability to work in a team environment and foster client relationships
Understanding of the importance of business ethics
Sound job administration skills
Above-average written and verbal communication skills, including documentation of findings and recommendations
Ability to handle highly confidential information in a strictly professional manner
Ability to maintain professional demeanor in times of high stress
Develop and apply proficiency with Protiviti policies and methodologies
Apply understanding of business processes and technical skills to successful completion of projects
Develop understanding of project requirements and client*s business
REQUIRED TECHNICAL KNOWLEDGE & SKILLS
Proficiency in utilization of information security tools such as Nessus, Kismet, Airsnort, NMAP, Ethereal, WebInspect and Nikto, and manual techniques to exploit vulnerabilities in the OWASP top 10 including but not limited too cross-site scripting, SQL injections, session hi-jacking and buffer overflows to obtain controlled access to target systems
Ability to perform network traffic forensic analysis, utilizing packet capturing software, to isolate malicious network behavior, inappropriate network use or identification of insecure network protocols
3+ years hands on experience in one or more of the following Operating Systems: Windows Server 2003/2000/NT, Linux and UNIX
3+ years practical experience in TCP/IP Networking
A diverse skill base in both Information Systems and Information Security which address organizational structure and administration practices, system development and maintenance procedures, system software and hardware controls, security and access controls, computer operations, environmental protection and detection, and backup and recovery procedures
Attack and Penetration experience in testing of Internet infrastructure and Web-based applications utilizing manual and automated tools
Knowledge of information system architecture and security controls (i.e. firewall and border router configurations, operating systems configurations, wireless architectures, databases, specialized appliances and information security policies and procedures)
PREFERRED TECHNICAL / INDUSTRY KNOWLEDGE & SKILLS
Application source code security review skills
3+ years of experience in one or more of the following Database Environments: Microsoft SQL Server, Oracle, Sybase, DB2 and MySQL
Experience with programming languages such as Java, C, C++, C#, and .NET
Knowledge of Industry Standards, e.g., ISO 17799/27001, NIST Publications and other Industry Related Security Standards
Knowledge of Industry Regulations, e.g., Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act of 1996 (HIPAA), Payment Card Industry (PCI) or Corporate Compliance
Consulting experience in Information Security
EDUCATIONAL & PROFESSIONAL CREDENTIALS REQUIRED
Bachelor*s degree in a relevant discipline (Computer Information Systems, Information System Technologies, Management Information Systems)
Minimum GPA 3.0
3+ years in a related field, preferably in professional services and/or industry
Professional Certification such as CISSP, CISM, GSEC, GIAC, CEH, CPT are strongly preferred
ABITLITY TO TRAVEL
The position requires up to 40% out-of-town travel to client locations.
Dice - 3 years ago
Protiviti has a proclivity to shield companies from risky activity. The company provides independent internal auditing and risk consulting...