Team: Operations and Compliance | Commitment: Consultant | Location: Washington DC

Information Security Consultant


The security of computer networks is of growing concern to organizations with global operations, which increasingly find themselves working in unstable environments. CNFA has therefore recognized the need to review and strengthen its existing measures and take appropriate action to better meet its information technology security needs. These tools will be specifically adapted to CNFA's needs, using a common-sense approach to manage potential risk and help mitigate crisis situations.

Project Description:

We are currently seeking a highly experienced information security consultant to conduct security assessments of our internal information systems. The consultant will review the current structure and help develop strategic and tactical plans for a comprehensive enterprise-wide information security program for our Washington, DC home office location.

Position Summary:

The Information Security Consultant will be responsible for all development of strategic and tactical plans for a comprehensive enterprise-wide information security program. 

Working with the Senior Information Technology Officer, the consultant will guide, advise on, and develop new policies and procedures by conducting a gap analysis.

Principal Duties and Responsibilities:

  • Conduct information security assessments in line with the organization’s methodology;
  • Identify and communicate key control deficiencies;
  • Assist with recommendations to address and rectify control deficiencies;
  • Validate evidence of closed security risks;
  • Draft content to develop policies and procedures to ensure compliance with requirements;
  • Provide a report on compliance progress to executive leadership, and other units, as required;
  • Proactively raise trends, potential threats, concerns or other information with the Vice President, Talent Engagement & Senior IT Officer;
  • Develop strategic and tactical plans for a comprehensive enterprise-wide information security program;
  • Lead the development of policies, technical standards, guidelines, procedures, and other elements of an infrastructure necessary to support information security in compliance with established company policies, regulatory requirements, and generally accepted information security controls;
  • Lead development of an information security risk management program that includes business, regulatory, industry practices and technical environment considerations;
  • Develop enterprise-wide security incident response plans and strategies that include integration with business, compliance, privacy, and legal constituents and requirements; and
  • Other duties as assigned. 

Desired Qualifications:

  • Bachelor’s degree in Computer Science, Information Security, Tech or related field;
  • 6 or more years’ experience in information security audits in corporate environments;
  • Experience with large, complex global organizations;
  • Strong understanding of the compliance mechanisms required (GLBA, SOX, PCI, HIPAA etc.);
  • Strong knowledge of both internal and external audit functions;
  • Knowledge of IP networks infrastructure (topology, firewalls, intrusion detection/prevention);
  • Knowledge of Databases (SQL, Oracle, DB2);
  • Knowledge of vulnerability and compliance scanning instruments (Qualys, Imperva, eIQ, Nessus, etc.);
  • Knowledge of security standards (COBIT 5, ITIL, ISO 15504, ISO 20000, ISO 27000, ISO 31000, ISO 38500, NIST series 800 guidance);
  • Good knowledge of IAM control;
  • A thorough understanding of logging systems (System Event and Audit log collection);
  • Knowledge of data masking and encryption mechanisms (at-rest, in-motion, in-transit);
  • Knowledge of physical security principles;
  • Ideally an advanced network or security certification (CISM, CISSP, CRISC, CISA, CIA);
  • Ability to complete multiple, simultaneous projects with minimal supervision and prioritize incoming work appropriately;
  • English language proficiency;
  • Demonstrated problem solving, data analysis, and mapping skills; and
  • Good organization, self-motivation, and project management skills.

Application Instructions:

Interested applicants are requested to submit their CV; a cover letter summarizing the capacity to implement the required tasks; and a requested daily rate. Submissions are due by June 30, 2018 at 5:00 PM EST.


Level of Effort:

The level of effort for this project is expected to be 5 days (40 hours).

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, national origin, age, disability, or protected veteran status. CNFA takes affirmative action in support of its policy to advance in employment individuals who are minorities, women, protected veterans, and individuals with disabilities.


Only those candidates selected for further consideration will be contacted.