Apply on Employer Site

Tevora · 10 hours ago

Senior Information Security (Analyst – Consultant) Strategic Services

Irvine, CA

Full-time

Onsite

Mid, Senior Level

$105K/yr - $140K/yr

2+ years exp

Tevora is a tight-knit community of professionals dedicated to cybersecurity, technology, and compliance. The Senior Information Security Analyst is responsible for delivering expert assessment and solution implementation services to clients, evaluating their environments and guiding them through complex challenges.

Management Consulting

Growth Opportunities

Responsibilities

Lead and support various client engagements, including Enterprise Risk Assessments, Privacy Impact Assessments, and Risk /Privacy / Program Buildouts

Facilitate collaborative assessment processes such as scoping, leading client interviews/workshops, and ensuring open dialogue and understanding of client-specific challenges

Manage client expectations and ensure project deliverables align with their business objectives and regulatory requirements

Perform comprehensive point-in-time assessments of client cybersecurity posture against industry standards and frameworks (e.g., NIST CSF 2.0, CIS Critical Security Controls)

Conduct maturity assessments across various domains, including IT Risk Management, IT Service Management, and specific security controls

Evaluate critical platforms and tool use cases, assessing their effectiveness and alignment with client needs and best practices

Identify security gaps, vulnerabilities, and control weaknesses through documentation review, interviews with key personnel, and observation of operational processes

Assess client compliance with relevant laws, regulations, and contractual obligations, including PII, PHI, and IP considerations, specifically HIPAA and PCI DSS

Design and implement enterprise-wide IT risk management programs based on NIST principles, integrating cybersecurity risk with overall enterprise risk management (ERM)

Establish risk governance structures, define roles and responsibilities, and develop risk management strategies for clients

Develop and implement policies and procedures related to application security, data protection, and privacy

Create roadmaps for program implementation, such as Technical Impact Analysis (TIA) programs, including stakeholder engagement, data collection, and continuous improvement

Prepare comprehensive assessment reports, compliance narratives, and strategic roadmaps for executive and technical client stakeholders

Present complex technical and risk information clearly and concisely to diverse client audiences, supporting informed decision-making

Ensure all findings, recommendations, and program documentation are auditable and support client compliance requirements

Engage effectively with both internal and external stakeholders, including client project managers, client leadership, internal managers, and junior team members, to ensure alignment and successful project outcomes

Facilitate cross-functional communications with other team members and departments, fostering collaboration and knowledge sharing

Qualification

IT Risk ManagementCybersecurity ControlsIndustry FrameworksAssessment ExpertiseRisk Management StrategiesCommunication SkillsClient EngagementStakeholder EngagementCollaborationProblem SolvingTime ManagementTechnical WritingTeam LeadershipAdaptability

Required

Bachelor's degree in information security or related discipline

Proficiency In IT Risk Management frameworks (e.g., NIST RMF, NIST CSF 2.0) and knowledge of up to two of the following industry frameworks and regulations CCPA/CPRA, GDPR, NIST Privacy, NIST RMF, PCI, ISO, HIPAA

Strong knowledge of cybersecurity controls, vulnerability management, identity and access management, detection and response, product security, and security operations, including CIS Critical Security Controls

Ability to synthesize complex technical and business information, identify patterns, and develop actionable recommendations

Excellent written and verbal communication skills, with the ability to present detailed technical and analytical findings clearly and concisely to both technical and non-technical audiences, including executive leadership, project managers, and technical teams

Proven ability to tailor communication style and content to different audiences, from junior staff to senior management, both internally and externally

Advanced capability in performing various types of assessments (point-in-time, maturity, risk, technical) and integrating findings from multiple sources

Hold current standing with at least one industry relevant certifications, such as CISM, CISA, CRISC, CISSP

Ability to coordinate and manage multiple priorities in a fast-paced environment, working both independently and collaboratively

Ability to travel up to 10% for client-related or internal-related activities as needed

Eligibility to work in the United States

Preferred

At least 2 years' experience in a client-facing role (e.g., consulting or external auditor)

Experience operating industry-relevant tools (e.g., GRC platforms, and other privacy and risk management solutions such as BigID, OneTrust, etc.)

Familiarity with Artificial Intelligence (AI) Risk Management (AI RMF), AI Governance, and AI Security

Benefits

Comprehensive benefits including: Medical, Dental, Vision & Basic Life Insurance

Paid Vacations, Sick Time, & Holidays

401 (k) with discretionary company match

Vibrant work culture

Company

Tevora

Tevora is a specialized management consultancy focused on cyber security, risk and compliance services.

Founded in 2003

Lake Forest, California, USA

201-500 employees

http://www.tevora.com/

Funding

Current Stage

Growth Stage

Leadership Team

Ray Zadjmool

Chief Executive Officer

Recent News

EIN Presswire

Revisions Better Connect Tevora’s Advisory Strengths with Secuvy’s Automation

2025-11-05

CRN

5 Companies That Came To Win This Week

2025-11-01

CRN

Web Security Vendor Reflectiz Lands Series B Funding, Aims For Channel Push

2025-10-30

Company data provided by crunchbase