MAD Security Careers
Come join a team of some of the brightest and most innovative security experts around!
MAD Security offers a very competitive compensation package that includes base salary, medical, 401k matching, bonuses (we like to reward you for your hard work), training on next-generation security tools, and flexible time off.
For Trusted Partners (1099):
We are also looking for partners who can augment our skills and add depth to our team. We frequently receive requests for work that is a little out of our lane or that we can’t take on due to full bookings, and in those cases we like to work with trusted partners to create win/win scenarios.
MAD Security Career Postings:
Cybersecurity Governance, Risk & Compliance (GRC) Consultant - Intermediate
- Job Title: Cybersecurity Governance, Risk & Compliance (GRC) Consultant - Intermediate
- Job ID
- Huntsville, AL 35806
- Other Location
Cybersecurity Consultant - Intermediate
At MAD Security, our mission is to simplify the Cybersecurity challenge and safeguard business. To accomplish this mission, we need motivated and passionate teammates.
We are seeking an extraordinary Cybersecurity Consultant for our team who will work closely with our clients to provide risk management and information security compliance consulting to deliver best-of-breed results. You will be working side-by-side with a highly focused and motivated team to reach a higher level of excellence in order to bring the best value to our clients. You will be expected to conduct a wide array of Cybersecurity consulting engagements for MAD Security’s diverse clients. Each engagement can range from 2-3 days to several months, with periods between consulting engagements being utilized to update MAD Security’s methodologies and products. You must have a solid understanding of the Information Security landscape, be able to analyze clients' risk levels and identify areas of exposure, and make recommendations based upon that knowledge. This position relies heavily on sound and repeatable methodologies, while cultivating the business and technical sides of client relationships in order to generate additional avenues of opportunity for MAD Security.
- Huntsville, AL
- Currently none due to world events. Typically travel is on the order of 10-15%
Essential Duties and Responsibilities
- Conduct Cybersecurity consulting engagements onsite and remotely, including report writing
- Manage and execute project level tasks and milestones
- Educate clients on information security and applicable control requirements
- Ensure delivery meets contractual commitments and regulatory compliance (e.g. NIST, DFARS, FFIEC, ISO, CIS 20, etc.), policies and standards
- Baseline existing risks and compliance levels
- Advise on risk mitigation and remediation plans
- Provide information security consulting to clients based on experience in the field and best practices
- Ongoing evaluation and improvement of methodologies and internal processes
- Knowledge and experience of Risk Management, IT Governance, and Information Security best practices, standards and frameworks such as NIST, FFIEC, ISO, PCI-DSS, CIS 20, HIPAA, etc.
- 5+ years of experience in the information security field
- Good time management, project management and problem-solving skills
- Security controls assessment experience
- Experience interacting, relating and collaborating with executive-level clients
- Bachelor's Degree or Master's Degree in Information Assurance, Cyber Security, Computer Science, Business Management or other related field; or equivalent experience
- One or more of the following: CISSP, CISM, CISA, Security+, or equivalent certificate
- Experience with risk and security in financial institutions
- Experience interviewing IT and non-IT staff to identify as-is processes and procedures
- Application Security and/or Vulnerability Assessment experience
- Penetration Testing and Social Engineering knowledge
- GRC process and tools experience a plus
- High-level working knowledge of security solutions such as endpoint security, DLP, SIEM, etc., and what problems those solutions are designed to solve
- Knowledge of various security technologies and leading product families
- Ability to review the security architecture and advise on security requirements