By Light Professional IT Services

Assessment Lead

Job Locations US-MD-Hanover
Posted Date 2 months ago (1/21/2020 9:52 AM)
# of Openings
Information Technology


By Light’s cybersecurity team, EmberSec, is hiring a full-time Assessment Lead to support the GRC practice with ISO, HITRUST and NIST audit frameworks. The Assessment Lead will serve a critical role in performing and leading audit and assessment engagements. This position will be fast-paced, hands-on and customer-focused. On a daily basis, the qualified candidate must effectively cope with change, shift gears comfortably, decide and act without having the total picture, and handle risk with uncertainty. The candidate must also be able to think outside the box to create streamlined processes for the department and be comfortable interfacing with customers and team members across all business lines.


  • Serve as the primary lead for assessments
  • Assess cyber-related policy, procedures, legislation, and implementation directives
  • Assess and/or remediate compliance with industry statutes and regulations across multiple industries that are relevant to IT (e.g. PCI, HITRUST, FEDRAMP, NIST, ISO 27k, SOC2, etc.)
  • Develop and operationalize enterprise information security programs and related components
  • Perform information risk, security and related compliance assessments, including testing of related controls
  • Conduct on-site client engagements
  • Initiate and manage multiple projects concurrently
  • Collaborate with partners and customers to identify information systems and networks in scope for assessments
  • Provide guidance on the administration and maintenance of security systems infrastructure, applications, devices, tools and software services in the cloud.

Required Experience/Qualifications

  • Bachelor's Degree in Information Systems, Accounting, Computer Science, or a Cybersecurity related discipline
  • 4+ years of experience in cybersecurity, governance & compliance, and cyber related risk management
  • 3+ years of experience managing/conducting audit style assessments
  • Advanced written and verbal communication skills
  • Knowledge and awareness of the latest information risk, security and compliance innovations, trends, challenges and solutions
  • Exposure to industry-acclaimed information governance, risk and security standards/frameworks and professional practices (e.g. HITRUST, NIST, ISO, CIS Top 20, ISSA, PCI, etc.)
  • Knowledge of information security related solutions, tools and utilities
  • Ability to present or lead technical presentations and discussions
  • Able to produce and build department best practices, procedures and methodologies for conducting assessments
  • Ability to travel up to 50% (25% is currently the norm)

Preferred Experience/Qualifications

  • Experience providing guidance on the administration and maintenance of security systems infrastructure, applications, devices, tools and software services in the cloud
  • CISM, CISSP, HITRUST, CISA, CGEIT, or CRISC certification(s)
  • DevSecOps knowledge or the willingness to learn
  • AWS, Azure, Google Cloud Platform certification(s) and/or the willingness to obtain them

