Build your career in cybersecurity -
your way

Company Description

Wavestone is a global consulting powerhouse dedicated to empowering businesses to navigate today's dynamic and competitive landscape. With a presence in 17 countries and a team of over 5,500 experts, we combine first-class sector expertise with a 360° transformation portfolio of high-value consulting services.

At Wavestone, we go beyond simply offering solutions – we strive to build lasting partnerships with our clients. Our collaborative approach ensures we understand your unique challenges and tailor our strategies to achieve your specific goals. We are passionate about fostering a culture of positive transformation – empowering businesses to not only survive but thrive in the ever-evolving world of technology, digitalization, and artificial intelligence.

As a leading global consulting firm, Wavestone is deeply rooted in the vibrant business landscapes of the United States. With offices in New York City and Dallas, we leverage the innovation and entrepreneurial spirit of these cities to deliver exceptional consulting services. With a deep understanding of industries like Financial Services, Energy, Life Sciences, Healthcare, Transportation, and Retail, we offer a comprehensive range of IT transformation and business consulting services. From Cybersecurity and Operational Resilience to Data Strategy and Artificial Intelligence, Wavestone is a trusted partner in driving positive outcomes and setting new standards of excellence. We support CEOs and tech leaders (CDO, CTO, CISO, etc.) in crafting their IT strategy and optimizing their sourcing models to maximize the value of IT services and business processes.

Our 3 Business Circles and areas of expertise:

• Digital and Artificial Intelligence Transformation (DAT) – GenAI adoption, maturity benchmarking, cloud strategy, data strategy, service provider & solution selection, IT governance design & implementation
• Cybersecurity (CYB) - Identity and access management, regulatory remediation, incident response, resilience & crisis management, Strategy & roadmap, 360 OpRes Maturity Assessments
• Sourcing & Service Optimization (SSO) - Resource model strategy, vendor rationalization, go-to-market strategy, performance delivery valuation, services continuity strategy, functional sourcing strategy

Join us for a rewarding career in management consulting, offering competitive compensation, continuous learning, and many opportunities for professional growth. Shape the future of consulting and make a lasting impact - Apply now to join our team!

Read more at www.wavestone.com

• Managing engagements (totally or partially regarding your level of experience) with our clients, responsible for the day to day running of the engagements, including developing strategic recommendations and guidance, and ensure the highest quality service for our clients.
• Participating in the business development activity of the global practice which will include full lifecycle from pre-sales support, identification of cyber opportunities & scope the delivery phase of engagements
• Participating in the people development by sharing knowledge, mentoring, and coaching team members and leading by example
• Collaborating and coordinating across the different location (New York, Dallas, London, and Paris) in order to participate in the global practice development by creating thought leadership and marketing materials for selling and promoting our offerings
• Continuing to upskill and stay current with the market.
• Based on your profile and background, contribute to various internal activities (Career development, Thought leadership, etc.)

Required Qualifications

• 5-9 years’ experience in external client-facing consulting or equivalent role (IT, management, or cybersecurity focused consulting)
• Bachelor’s degree minimum
• Proven background leading Cybersecurity transformation programs both operational and strategic
• Good technical understanding to bring credibility to advisory work
• Ability to manage transformation projects
• Proven track record of supporting business development activities (account planning, pitches, proposals, value proposition development), based on your profile and background
• Excellent interpersonal skills at all levels of an organization, experience in managing and leading teams, developing and coaching junior members of staff, based on your profile and background
• Skills to create and deliver meaningful presentations with an impact and produced high-quality reports
• Comprehensive knowledge of at least 4 of the below Cybersecurity and/or Operational Resilience topics:
• Cyber Security Strategy/Maturity
• Security Governance
• Awareness & Training
• Risk Assessment/Management
• Security Strategy and Assurance
• Data Protection & Privacy
• Data Leakage Prevention
• Identity & Access Management
• Incident response and Threat intelligence
• Cloud security & Zero Trust
• Operational Resilience
• Crisis Management
• Disaster Recovery & Business Continuity
• Third party management and Exit Strategy
• Network securities

Preferred Qualifications

NA

Our Commitment

Wavestone values and Positive Way

At Wavestone, we believe our employees are our greatest ambassadors. By embodying our shared values, vision, mission, and corporate brand, you'll become a powerful force for positive change. We are united by a shared commitment to making a positive impact, no matter where we are. This is better defined by our value base, "The Positive Way," which serves as the glue that binds us together:

• Energetic - A positive attitude gives energy to lead projects to success. While we may not control the circumstances, we can always choose how we respond to them.
• Responsible - We act with integrity and take ownership of our decisions and actions, considering their impact around us.
• Together - We want to be a great team, not a team of greats. The team's strength is each individual member, each member's strength is the team.

We are Energetic, Responsible and Together!

Benefits

• 25 PTO / 6 Federal Holidays / 4 Floating Holidays
• Great parental leave (birthing parent: 4 months | supporting parent: 2 months)
• Medical / Dental / Vision coverage
• 401K Savings Plan with Company Match
• HSA/FSA
• [insert target bonus range for SC to M grade] % bonus based on personal and company performance with room to grow as you progress in your career
• Regular Compensation increases based on performance
• Employee Stock Options Plan (ESPP)

Travel and Location

This full-time position is based in our New York office. You must reside or be willing to relocate within commutable distance to the office. Travel requirements tend to fluctuate depend on your projects and client needs

Diversity and Inclusion

Wavestone seeks diversity among our team members and is an Equal Opportunity Employer.

At Wavestone, we celebrate diversity and inclusion. We have a strong global CSR agenda and an active Diversity & Inclusion committee with Gender Equality, LGBTQ+, Disability Inclusion and Anti-Racism networks.

If you need flexibility, assistance, or an adjustment to our recruitment process due to a disability or impairment, you may reach out to us to discuss this.

Go see our Wavestone website, our US specific page and LinkedIn page to see our most trending insights!!

Also, check our Introduction Booklet to read more about Wavestone; and get a feel of our culture hearing what Wavestone employees have to say in our video testimonials!

Description

Auria Space is seeking a Information Security Analyst to join our team in Colorado Springs, CO to support the Data Transport Product Support Sustainment Logistics Maintenance (DSLM) contract. The DSLM effort provides sustaining, maintaining, and logistics support for the operational capability to transfer data for the purpose of providing highly reliable and secure telemetry, tracking, command, control, and communications. DSLM primarily supports the Satellite Control Network (SCN).

Position Summary

Designs, tests, and implements state-of-the-art secure operating systems, networks, and database products. Leads risk assessments and provides recommendations for application design. Leads cybersecurity initiatives including architectures, firewalls, electronic data traffic, and network access. Provides guidance on encryption technology, penetration and vulnerability analysis of various security technologies, and information technology security research. May support security report preparation for delivery to regulatory agencies.

About Auria

Auria is a provider of solutions and software in support of complex Space, National Security, and Cyber missions of federal, international, and commercial customers. Headquartered in Colorado Springs, CO and with operations in Boulder, CO, Washington, DC, Huntsville, AL, Albuquerque, NM, Ogden, UT, and San Diego, CA, our success is built on the excellence of diverse teams advancing innovative systems and operational software to strengthen our customers’ superiority in Space. With a distinguished track record and a spirit of relentless pursuit, we set the pace for progress and execute every mission with the utmost precision.

When you join Auria as a full-time employee, you get many benefits which include:

• Generous PTO package with yearly tenure increases
• Flex time policy providing you the flexibility needed
• 11 Company-Paid Holidays per year
• Up to 4% match on 401(k) employee contributions, employer and employee contributions immediately vested
• Tuition and Certification Fee Assistance
• Low-cost medical plans that include company-sponsored HSA
• No-cost life insurance
• Employee Assistance Program (EAP)
• And much more!

Auria is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action-Employer, making decisions without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, marital status, national origin, age, veteran status, disability, or any other protected class.

• Maintain multiple RMF packages and performing risk assessments across mission systems supporting the Data Transport and Receive Network (DTRN) (e.g., SCN, SCN Test Lab, Orbital Analysis Subsystem).
• Serve as a cybersecurity expert leading and tasking Junior and Journeymen Information Security Analyst in effective RMF execution.
• Develops and implement an Anti-virus/Malware identification process for checking in/out of SCN equipment from/to SCN sites.
• Coordinates with Software Maintenance Action (SWMA) IA patching team and with the program office IA architecture team on an IA/Cybersecurity Roadmap to identify non-compliant IA controls and propose corrective actions.
• In coordination with the Government, employ system security engineering to design, develop and implement secure applications and configurations. In preparation of acquiring mission hardware for all IA-impacting projects/efforts, evaluate the COTS and GOTS, when available, hardware, firmware, and software information security components.
• Organize annual cybersecurity control validation within eMASS IAW DoDI 8510.01 and DoDI 8500.01.
• Attends Technical Interchange Meetings at key project phases (Requirements, Design, etc.) to obtain cybersecurity community buy off.
• Participates in the development and implementation of policies, procedures and standards related to information security, privacy and incident response, and monitors compliance to these policies and programs.
• Provides technical engineering services management for the support of integrated security systems and solutions.
• Uses tools and processes to monitor information systems for security-related events.
• Assesses cybersecurity configuration changes for major security infrastructure platforms.
• Helps maintain a library of security audit tools, and corresponding processes that can be used for system security testing, internal audits, incident response, and diagnosis of security-related system issues.
• Travel to CONUS and OCONUS locations may be required (up to 20%).

Minimum Qualifications:

• BS Degree in related field plus 5 years of related experience or equivalent combination of education / experience
• Active DoD Secret Security Clearance required or the ability to obtain and maintain one
• Qualified candidates will have demonstrated the following traits: technically competent, strong data analysis skills, solid decision making, critical thinking, strong customer focus, self-motivated, desire to learn, effective and professional interpersonal skills, pride in work, strong team player, and hardworking.
• Experience with VM, DMZ, Firewall configuration / auditing, networking or performing cyber assessments on network devices

Preferred Qualifications:

• DoD 8140 Cyber Defense Analyst or Vulnerability Analyst Intermediate Qualification or certification (e.g., CISSO, CySA+, GPEN, CISA, or technical BS from an ABET accredited or CAE designated institution [as defined in DoD 8140])
• SCN and/or DoD experience
• Cybersecurity Tool experience (e.g., eMASS, ACAS, ESS, SIEM, STIGs)
• Flexibility and willingness to take on unanticipated tasks is highly desirable.

Salary Range: The salary offered will be based on the selected candidate’s qualifications - skills, education & experience - and the position level ($86,000- $113,000).

Role Summary

Banesco USA is seeking an Information Security Officer for our Information Security Unit.

Company Overview

Banesco USA is part of Banesco International, a worldwide group of financial institutions with a presence in 15 countries.

As a corporation in continuous evolution, we promote the ongoing professional and personal development of our employees, by embracing challenges and adapting to the changing environment of today’s world. We aim to develop integral human beings, committed to making a difference at the workplace and out in the world.

Our actions are rooted in our Values: Reliability, Responsibility, Quality, and Innovation. We believe that we all have the same ability to transform our daily tasks into significant contributions, and therefore, Leave Our Mark.

At Banesco USA, one of our most valued assets is our enthusiastic team, which strives every day to create a world-class organization in an ever-changing world. Together, our team has made us a market leader and we invite you to join us.

• Responsible for the ongoing management of the Information Security Program which includes information security policies, procedures, and technical systems in order to maintain the confidentiality, integrity, and availability of all the organization.
• Development and maintenance of policies related to security (Infrastructure/Applications), network architecture, monitoring, and entitlement.
• ISO will approve all requests for access to information technology, applications, and systems in addition to approving all changes or removals of access.
• Lead all Incident Response activity and will be responsible for coordinating with Law Enforcement as appropriate, provide recommendations to Executive Management on the best course of action, and oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
• Responsible for all physical security for the bank, including burglar and fire alarm systems, video recording systems, guard services, etc. are all part of the scope of physical security managing the systems and vendor relationships associated with this area.
• The ISO is responsible for security audit and continuous monitoring of the IT Security Control environment.
• The ISO will oversee compliance with Annual Execution of the BIA/BCM updates, review, and testing and will report to Executive Management the status of these activities. The ISO will be responsible for coordinating the annual BCM testing and will review and approve all scenarios that will be used for the plan.
• Responsible for approving all change management requests involving Infrastructure, applications, middleware, telecommunications, etc., that impact the security posture of the organization.
• Recommends information security strategies, policies, and procedures by evaluating organization outcomes; identifying problems; evaluating trends; anticipating requirements.
• Provide vendor security evaluation and due diligence prior to vendor selection and routinely evaluate the effectiveness of controls after vendors and service providers initiate service.
• Collaborate with management in the strategic planning of information security policies and procedures. Work with management, department heads, the CIO, Compliance Officer, Risk Management, Human Resources, etc., to ensure compliance with the security and privacy regulations and state and federal laws protecting customer confidentiality and privacy.
• Revise the security program as necessary to comply with changes in the law, regulations, professional ethics, and as necessary because of changes in business operations.
• Responsible for providing training to employees on security policies, GLBA, and other topics and prepare papers/articles on good security practices.
• Maintain awareness of changes in security risks, security measures, and computer systems.
• Ensures completeness and accuracy of inventory of all IT systems and IT controls. The inventory should include detailed descriptions as well as diagrams to show the physical and logical placement of systems and controls, and must maintain compliance with regulatory requirements.
• Routinely monitor, evaluate and periodically test IT controls deployed at the bank such as:
• Intrusion Detection Systems (IDS) and incident response, including preparation of detailed analysis reports and incident response documentation
• Firewalls
• Server log data to correlate with known and potential security vulnerabilities and integrity issues
• Patch management
• Responsible for completing annual training program assigned.
• Performs other functions and/or duties as assigned.

Required Qualifications:

• Education: Bachelor’s Degree in Information Technology or equivalent work experience.
• Experience: Ten (10) years of experience in the Banking industry in the Information Security unit.
• Proficient and advanced computer skills including but not limited to proficiency in Microsoft Office (Word, Excel, Power Point, etc.)
• Must be bilingual in both English and Spanish. Ability to fluently speak, understand, read, and write both languages.
• Strong verbal and written communication skills, ability to communicate at all levels of the organization.
• Strong attention to detail and accuracy.
• Knowledge of the bank’s system and processing activities.
• Experience in Management of both physical and logical information security systems.
• Strong analytical skills in order to detect and identify weaknesses in the bank’s systems and the ability to identify the root cause of the weakness.
• Strong technical skills (application and operating system hardening, vulnerability, assessment, security audits, TCP/IP, Intrusion detection, firewalls, etc.
• Strong presentation skills to various levels of the organization.
• Strong knowledge of Banking Regulations compliance, and bank security rules and regulations.
• Ability to multi-task, with strong organization, time-management and prioritizing skills.
• Strong customer service skills, ensuring satisfaction of both internal and external customers.
• Ability to work and complete tasks producing high-quality results within a fast-paced environment.

Benefits

• Competitive base salary.
• PTO
• Hybrid Work Model (remote and on-site work)
• Tuition Reimbursement.
• Paid Parental Leave
• Medical, Dental, Vision
• 401k
• Life Insurance
• Supplemental Insurances
• Short-Term & Long-Term Disability