Information Security Consultant

Company: Veritude, a Fidelity Investments companyLocation: Boston, to 02101Status: Full Time, Temporary/Contract/ProjectJob Category: IT/Software DevelopmentCareer Level: Manager (Manager/Supervisor of Staff) Contact InformationCompany: Veritude, a Fidelity Investments companyEmail: Apply by Email At Veritude, it's our goal to help you find opportunities that match your goals and skills. Our staffing approach is unique: by combining a deep, personal knowledge of our client companies and your career objectives, we ensure consistent "best matches" of your talents to the position and culture of the client's organization. The benefit to you? Increased job satisfaction and greater opportunity for success. Job Description Information Security Consultant We are looking for an Information Security Consultant on behalf of our client, Devonshire Investors Holding Company (DI Holdings). This position is based in Boston, MA (100 Summer Street).  This is initially a 6 month contract role with a strong chance of extension or eventual conversion to a permanent role. Summary DI Holdings is a firm of +/- 200 personnel predominantly headquartered in downtown Boston, MA and manages a portfolio of approximately 22 companies in industries as diverse as human resources, home building supply, transportation and hospitality, biosciences, etc.  DI Companies employ approximately 30,000 associates around the world. Overview As a senior team member responsible for successful program management this person will be accountable for designing and executing the Information Security program for the DI Admin Holdings company. Positive organizational impact is the key success factor.  Of initial importance this person will be responsible for management the DI Information Security Scorecard program which includes 49 elements.  Although organized in an ISO 27000 high level format, the program area sub sets are DI Admin specific. Critical to this role will be the ability for the security officer to organizationally sense multiple organizations and work with a variety of constituents including service providers and customers.  It is noted that the role of providers and customers is a continuously evolving aspect to this function. Scope of responsibility is DI Admin and the companies it supports/works with including Pembroke Real Estate, Fidelity Ventures, Backyard Farms, etc.  During the assignment this person may be required to assist DI in its reconfiguration from using existing infrastructure and policies to a new information security infrastructure and business relevant set of policies.  This person will augment the existing program by adding or reducing to the program specific business relevant DI business requirements and will measure overall program performance against goals and metrics.  A DI specific information security program will be the end result and critical to the success of this role. Provides critical incident response capability and has a team of matrixed specialists at disposal.  Works closely with other control functions such as risk, business contingency, internal audit, etc. Critical is sound organizational sensing skills coupled to a high capability to influence. This person must possess a proven capability to interpret the COBIT and ISO 27000 and other related frameworks and apply their control assessment and implementation designs in the areas of technology: availability, security, capability, efficiency and integrity. Of increasing importance is the ability to integrate activities and coordinate with the technology risk manager for IT Governance, Risk and Compliance. The person shall coordinate closely with the technology risk manager to deliver IT Governance, Risk and Compliance strategy for the overall portfolio.Responsibilities  This candidate is a forward leaning leader implementing an innovative information security program.  Manages local and portfolio-wide projects that rely on a matrixed management approach. Must have highly developed skills in program and project management with the capability to provide monthly statistics measuring program effectiveness.  Must be capable of working at the highest levels of the company as directed with superior communications skills both oral and written. As required, adapts the information security program and policy structure as DI transition occurs. Will require hands on work in many program areas including access administration, web security program, training programs, etc.Qualifications Strong background in information security program management with span of control/influence firm-wide and at all levels up to and including the information security board. CISSP accreditation or equivalent (e.g. CISA, CISA-R, GIAC, CISM, BSI) Graduate with at least 7-10 years of directly related  experience A solid working knowledge of new trends, technology developments, and methodologies in Information Security; strong external network. Adequately versed in appropriate regulatory matters as need or adequately connects to corporate resources for assistance. An excellent working knowledge of information technology standards, policies, controls and frameworks. A high level understanding of system's architecture and Infrastructure; Experience of team leadership or team participation in a technical or security. Flexible and adaptable, demonstrating good use of initiative with an enquiring/questioning nature Comfortable in a multi-national environment. Ability to multi-task and prioritize workload with a keen attention to detail Strong ability to influence and quickly sense organizational climate, leaders and influencers.  Aggressive capability to understand challenges and appropriate organizational functions to help resolve them in a timely fashion. Must be a self starter able to work with limited direction; experience managing and motivating matrixed teams. Veritude is proud to be an equal opportunity employer and supports a diversified environment.