About VeraSafe:

VeraSafe is an innovative and successful U.S. headquartered privacy and cybersecurity compliance consulting firm and law firm. Due to rapid growth and increased demand for our international privacy and technology compliance and legal services, VeraSafe is seeking creative, motivated, and collaborative IT security experts to join our team. This is a fully remote position.

Watch / listen to learn more about VeraSafe: Check out our podcast!

Apple Podcast: https://apple.co/4b28hwE

YouTube: https://www.youtube.com/@PrivacyInPractice/videos

Spotify: https://bit.ly/4moSMU7

VeraSafe is proud to be certified as a Great Place to Work©, with 97% of our employees affirming that we are truly a great place to work. This means we foster trust, collaboration, and a positive work environment. We are committed to maintaining this standard of meaningful work, work-life balance, and a supportive community. Check out our great benefits, which are listed at the end of this job description.

About the Role:

VeraSafe’s mission: Provide the world’s best data protection advice, with a human touch. Right now, we are seeking an IT Security Advisor to join our growing team and help us pursue this mission.

Our clients vary in size, location, industry, and service needs, and they love the way we advise on privacy compliance. They love our work so much, in fact, that there is a growing demand for our cybersecurity consulting (hence the need for you!).

This is an excellent opportunity for anyone who wants to join a team working on the cutting edge of privacy, data protection, and cybersecurity, and is excited about assisting a wide range of clients with fractional CISO-type support, including IT security program design, implementation, and management.

Key Responsibilities

Practice Development:

• Serve as an integral part of VeraSafe’s cybersecurity consulting practice area through the management of client relationships and both individual and team projects/deliverables.
• Expand on VeraSafe’s security consulting offerings, including—but certainly not limited to—Microsoft 365 hardening, configuration auditing, and risk assessment.
• Further develop internal service delivery methodologies, documentation, templates, and quality control processes.

Client Engagement and Delivery:

• Handle consulting projects, including fractional-CISO-type engagements, with a strong focus on securing Microsoft 365 environments.
• Conduct detailed cybersecurity risk assessments, including analysis of current security controls, vulnerabilities, and threat landscape.
• Provide oversight and strategic direction for incident response, including breach containment, investigation, and post-incident review.
• Lead and execute security assessments, architecture reviews, IT security policy drafting and implementation, and remediation planning.
• Communicate findings and recommendations to clients clearly and professionally either through written reports and executive briefings or execution of hands-on implementation.
• Build trusted relationships with client stakeholders, including CISOs, IT directors, and compliance teams.
• Collaborate with project managers and privacy-focused project teams to determine and meet client requirements and specific project needs. Analyze practical situations and develop solutions to specialized needs.

Thought Leadership and Cross-Functional Collaboration:

• Stay current on evolving security threats and technologies.
• Represent our IT security practice internally and externally, including contributions to client alerts and conference talks.
• Collaborate with VeraSafe’s Professional Services team to ensure tight integration between our IT security and privacy advisory services.

Required Qualifications:

• At least four years of hands-on experience in IT security consulting, IT security engineering, or equivalent.
• At least one relevant certification (e.g., CISA, CISSP, CISM, CRISC, CCSP, SC-100 Cybersecurity Architect).
• Deep technical expertise in Microsoft Defender XDR, CrowdStrike Falcon, SentinelOne, or other similar technologies.
• Proficiency with IT security standards and frameworks (e.g., NIST CSF, ISO/IEC 27001, NIST 800-53, NIST 800-171, CIS Controls).
• Experience performing audit readiness assessments for frameworks, laws, and regulations (e.g., POPIA, HIPAA, ISO, NIST, GLBA).
• Technical background in scripting, automation, or security tooling (e.g., PowerShell, Sentinel, Defender for Endpoint).
• Experience developing and conducting tabletop exercises such as Business Continuity and Disaster Recovery scenarios.
• Experience conducting enterprise-wide formal risk assessments.
• Strong understanding of email security (e.g., DKIM, DMARC, SPF).
• Familiarity with security stacks (e.g., SIEM/SOAR, IAM, EDR, CASB).
• Strong understanding of cloud security posture assessments.
• Strong understanding of enterprise security principles, zero trust architecture, and IT security risk management.
• Excellent client-facing communication and report writing skills.
• Team player, interested in contributing to a growing enterprise.
• Strong writing/editing skills and attention to detail.
• Willingness to learn new skills and receive direction and feedback from team members.
• Willingness to pursue and maintain privacy certifications (e.g., CIPP/E, CIPM, CIPT).
• Willingness to work occasional evenings, primarily for full team meetings or essential client work.

Preferred Qualifications:

• Experience working directly with clients, in a service-oriented environment.
• Experience building or growing a consulting practice or service line.
• Experience in regulated industries (e.g., healthcare, finance, pharma).
• Familiarity with contract provisions that address data protection and security responsibilities.
• Experience migrating or overseeing the migration of systems from on-premises or hybrid to cloud-federated systems.
• Experience with development and implementation of incident response plans.
• Professional involvement in the privacy and/or data security space (attendance at privacy conferences; membership or publication in the IAPP, ISACA, etc.).
• Privacy certification (or similar).

Immediate Supervisor:

Senior Vice President and Head of Professional Services

Key Competencies:

• Detail-oriented and highly organized with a strong work ethic.
• Ability to thrive and perform in a fully remote and international environment.
• Excellent written and verbal communication skills.
• Highly skilled in time management to enable successful work with international teams in meeting deadlines.
• Highly capable of independent work to fully deliver on all commitments.
• Ability to work productively in a cross-functional, multi-disciplinary consulting team.
• Experience building and maintaining relationships with colleagues and clients through polished, professional interactions and products regardless of the client’s experience with VeraSafe’s service line.

VeraSafe Values:

In addition to technical knowledge, skills, and competencies for a specific position, VeraSafe seeks team members who are proficient in values critical to our organization. We are seeking individuals who demonstrate interest in and experience applying creativity, feedback, and business acumen in a welcoming culture that recognizes what each individual contributes to our team.

VeraSafe’s Excellent Benefits Include:

• Work from almost anywhere with Wi-Fi
• Paid Time Off (PTO)
• Paid holidays
• Annual bonuses
• Membership in the International Association of Privacy Professionals (IAPP) and IAPP exam fee reimbursement (CIPP/E)
• Flexible working schedule in some roles
• Reimbursement for certain personal flight ticket
• Company laptop provided

Other Benefits:

• Tremendous professional development growth opportunities in the privacy, data protection, and cybersecurity niche.
• The chance to have a long-lasting effect on a small but growing international business.
• Work in an open environment with a team that respects your ideas and contributions.
• Occasional opportunities to travel in North America and Europe.

Our HR Privacy Notice is available at the following link:

https://verasafe.com/legal/human-resources-privacy-policy/

Note:

There are several steps to our recruitment process, each carefully crafted over the span of our 16 years in operations, to best ensure you and VeraSafe are a strong match – we want to hire team members who will thrive by being a part of our team! We recognize the investment of time can be a burden, but we think it’s worth it, and we appreciate you taking the time to complete it. We’ve found it enables us to find the best team members, regardless of their experience, where they went to school, or where they were trained. We want smart, kind, creative colleagues, plain and simple, and our process is a crucial part of our ability to hire this way.