[Hiring] Security Advisor @Nelnet

Role Description

The Security Advisor provides information security and privacy consulting and compliance services using accepted standards, frameworks, and best practices including but not limited to NIST SPs 800-53 and 800-171, NIST CS. Security Advisors assess and report on customers’ compliance with various rules, regulations, and standards such as PCI DSS, CMMC, GDPR, FERPA, HIPAA/HITECH, GLBA, and FTC Red Flags. The Security Advisor will gather and analyze customer information, make remote and/or physical site visits, conduct interviews, make observations, take appropriate notes, perform gap analysis, review evidence and documentation, and complete reports on findings with remediation recommendations where necessary.

• Assess and report on customer business and technical environments, operations/procedures, administration of infrastructure, compliance programs, and policies and procedures.
• Consult both onsite and remotely with customers to collect, review, and analyze data related to current institutional policies, business practices and procedures, network infrastructure, IT system configurations and physical security.
• Perform gap analyses of current environments, controls, and programs.
• Review requirements with application and service providers as necessary to achieve information security and compliance objectives.
• Make recommendations for remediation steps required to achieve information security and compliance objectives.
• Review customer-prepared documents and reports, and provide feedback/guidance to ensure accuracy.
• Work in a home office environment with minimal supervision.
• Ability to travel required (25 to 50%).
• Other duties as assigned.

Qualifications

• Bachelor’s degree or 5 years’ experience in information security or privacy, preferably in the practical application of security/privacy controls to business systems and processes.
• Must possess at least one of the following industry-recognized audit and information security certifications:
  • Certified Information System Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified Internal Auditor (CIA)
  • GIAC Systems and Network Auditor (GSNA)

Requirements

• Understanding of and familiarity with information security, compliance, and privacy frameworks and standards including NIST SP 800-171, NIST CSF, ISO 27000, GLBA, GDPR, and PCI DSS.
• Understanding of information systems, networks, and related security issues.
• Understand core compliance program elements such as policies, procedures, training, third-party oversight, device protection, inventory/scope verification, and incident response.
• Understanding of risk assessments and targeted risk analyses.
• Technical understanding of foundational IT models, such as the OSI Model, is highly desirable.
• Expertise in modern technologies such as networking protocols, system architecture, cloud computing platforms, virtualization, cybersecurity principles, and emerging IT trends.
• Creating high-quality deliverables using appropriate business and technical language.

Benefits

• Medical, dental, vision, HSA and FSA.
• Generous earned time off.
• 401K/student loan repayment.
• Life insurance & AD&D insurance.
• Employee assistance program.
• Employee stock purchase program.
• Tuition reimbursement.
• Performance-based incentive pay.
• Short- and long-term disability.
• Robust wellness program.