RGP is a global consulting firm helping some of the most recognized companies in the world work differently. Our success comes from a shared belief in rolling up our sleeves and doing the hard work of solving complex challenges, executing plans and implementing technology to help transform organizations.
Working as a consultant you will be connected to work that matters, putting your expertise to its best use while developing skills for the future.
The result is a career defined by you, supported by RGP and built on tangible accomplishments.
As we continue to grow and deepen our impact on organizations around the world, we are looking for the right people to join us on our mission.
If you are interested in being part of our team, there are a few things you should know:
We are energized by challenges and the effort needed to solve them.
We like working with people who are positive, adaptable and growth-minded.
We care how work gets accomplished and are deeply invested in the success of our clients and our colleagues.
If this sounds like you, we invite you to read on and learn more.
THE RGP CONSULTING EXPERIENCE
RGP has a unique consulting model that provides opportunities for consultants to work in different ways. Most consultants work in a model where they have the flexibility and autonomy to choose projects aligning to their experience, skills and desired lifestyle.
Other opportunities exist in team-based, strategy and solutions work. In all models, you will feel the full support of RGP to assist you in your work and guide you on your chosen path.
PURPOSE OF THE ROLE
As an Information Security / IT Risk Consultant, you will be responsible for understanding and analyzing a company’s IT requirements and advising on IT security solutions.
You will assist with the management and supervision of the implementation of solution procedures and change management processes.
ATTRIBUTES OF CONSULTANTS WITH RGP
Respect for people and opinions, and confidence in offering your point of view with clients and among colleagues
A drive for proactively cultivating relationships with clients and colleagues
Optimism when faced with challenges and complex situations, coupled with the drive to solve client issues
Dedication to continuous improvement and development of your skillset and talents
A strong personal identification with RGP’s values: loyalty, integrity, focus, enthusiasm, accountability and talent
KEY RESPONSIBILITIES OF THE ROLE
Lead IS Governance and Risk’s continuous process improvement projects such as application security risk assessment and self-assessment processes against IS standards
Support requirements gathering and design efforts of critical projects as needed
Perform security risk assessments (SRA) according to the SRA framework and IS standards for custom-developed and third-party applications within the existing infrastructure
Assist in identifying application control deficiencies as well as the associated risks
Document IS risks to identify the relevant impact to enterprise systems, infrastructure and business processes; Develop and maintain process, risk methodologies and SOP documentation
Understand and effectively communicate how vulnerabilities can be exploited within technology and the enterprise environment
Provide remediation recommendations and / or recommend alternate solutions to resolve gaps against IS Standards
Provide security consulting and advisory services to business units and project teams
Develop action plans and / or recommend alternate solutions to resolve exceptions to standard operating procedures
Research and maintain knowledge base regarding industry frameworks, best practices, information security issues, solutions and potential implications
DESIRED EXPERIENCE AND REQUIREMENTS
Bachelor's degree in Information Systems or related field, or an equivalent combination of education and experience, required
Minimum 7 to 11 years of hands-on technology risk, security and / or governance experience
CISSP, CISA, CISM, CIA or equivalent designation preferred
Solid understanding of information security policies, standards, industry best practices, and frameworks (i.e. ISO 27K, NIST 800 series, OWASP, COSO, CoBIT)
Solid understanding of application and network security, OSI model, information security architecture and security technologies (i.e. penetration testing tools)
Familiarity with common platforms, databases and applications (i.e. Oracle, SAP, web development tools, virtualization, UNIX and Linux)
Experience managing and developing baseline security configurations and experience with common industry guidelines (CIS, STIGs, etc.)
Experience with common SDLC and / or process improvement methodologies (i.e. Lean, Six Sigma, Agile, etc.)
Communicates effectively verbally and in writing, and expresses conclusions and recommendations in a clear, technically sound manner
Equal Opportunity Employer
RGP is proud to be an Equal Opportunity Employer.