Information Security Consultant - System and Organization Controls

Information Security Consultant - System and Organization Controls (SOC 1 / SOC 2) Compliance

at Tevora

Fairfax, VA

If you haven't heard of Tevora, it's because we've done our job!

Tevora is a tight-knit community of professionals with a shared passion for our craft. Every day, we combine in-depth knowledge of cybersecurity, technology, and compliance to help create more secure digital environments. To Tevorans, every problem is a puzzle in need of solving. We strongly believe that if we put smart, driven people in a room together, they will accomplish great things. We maintain a supportive culture that celebrates continuous learning, diverse perspectives, and sharing the wins. That's why we have our eyes on you.

What's the role?

Tevora is seeking an Information Security Consultant to join the SOC Compliance team.

This role on the SOC Compliance team is looking for a passionate individual who has a solid balance between business acumen and technical expertise. Comfortable across various disciplines of information security, this consultant will be responsible for assessing System and Organization Controls (SOC) compliance, for SOC 1 and SOC 2, and risk on a wide variety of client projects for some of the world's largest organizations. Other compliance frameworks this role will work on include ISO 27001 and PCI. This role will also contribute to thought leadership, provide mentorship to junior team members, and participate in ongoing training opportunities.

The successful candidate for this role will be detail orientated, have a solution focused attitude, and possess strong written and verbal communication skills.

A day in the life could include:

• Participating in IT and Compliance assessments, audits, gap analyses, and remediation.
• Leading and actively contributing to projects in the areas of System and Organization Controls (SOC 1 & SOC 2) Compliance assessments.
• Communicating with project stakeholders to effectively convey requirements of technical and process improvements.
• Participating in various information security compliance projects, such as PCI or ISO gap assessments.
• Assisting in the development of customized policies, procedures, controls, disaster recovery plans and other documentation for applications, systems, and infrastructure.
• Managing policy exceptions, including working directly with the teams to document exceptions, identify compensating controls and remediation action plans.
• Additional duties as assigned.

Necessary skills and qualifications:

• Completed minimum 3 years of experience in the information security, information technology, business consulting, enterprise risk, or compliance field.
• Demonstrated experience in at least 2 years of SOC 2 Compliance assessments.
• Hold at least one Auditing, Risk, or IT certification from the following list: CISSP, CISA, CISM, CRISC, ISO Lead Auditor.
• Possess knowledge of common IT and security concepts such as firewall management, server management, access control, and authentication
• Ability to connect easily with clients and colleagues to communicate effectively across business and technical boundaries- to offer recommendations as an expert with best practices.
• Ability to work independently without detailed guidance.
• Proficient in writing executive level reports and technical documentation.
• Proficient in MS Office tools and basic professional acumen.
  
  

Bonus Points:

• Hold a bachelor's degree from an accredited 4-year university.
• Demonstrated experience in at least one other information security compliance assessment (ISO 27001, PCI Level 1, HITRUST)
• Prior or current CPA license
• Commitment to continued learning.
  
  

We've got you covered!

• Comprehensive benefits offering
• Paid time off and holidays
• 401k with Company match
• Vibrant work culture
  
  

Additional requirements:

• A valid driver's license is required.
• Eligibility to work in the United States.
  
  

EEOC Statement

Tevora is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, disability status, or other applicable legally protected characteristics.