Security Consultant

About Nearshore Cyber

Nearshore Cyber is dedicated to delivering top-tier Security, Risk, and Compliance consulting services. Our commitment to excellence, participation, integrity, and collaboration sets us apart in the industry. We strive to create a dynamic and inclusive environment where innovation and teamwork drive success.

Who We Look For

We are seeking a mid-level Security Consultant with a minimum of 5 years of experience. The ideal candidate is a strong communicator and active listener, skilled at navigating diverse audiences and situations. They are self-aware, adaptable, and able to connect people, data, trends, and experiences. Our consultants are mature, humble, and genuine, consistently going above and beyond for clients and colleagues. They are ethical, trustworthy, and committed to our core values even in challenging situations. A passion for learning and technology is essential, as is the ability to inspire and excite others.

What We Do

Our Security Consultants work with clients at all organizational levels, from the C-suite to the shop floor, helping them achieve their most strategic initiatives. We deliver realistic, data-driven decisions that provide tangible value to our clients. Our consultants are known for their ability to break down complex programs and frameworks into actionable steps.

Key Responsibilities

• Participate in Cybersecurity, Information Security, Risk, Compliance, and/or Data Privacy Programs or Projects under the guidance of senior consultants
• Compliance framework mapping and implementation
• Regulatory mapping and implementation
• Advisory-side, risk, or regulatory remediation management
• Readiness for new laws and regulations
• Risk, Compliance, or Information Security risk reporting and monitoring
• Creation of roadmaps to mature or advance Risk, Compliance, and Information Security Strategies/Programs/Controls
• Design and enablement of cyber controls functions and processes
• Change management related to regulatory adoption or compliance changes
• Audit or certification readiness
• Assist with GRC (Governance, Risk, and Compliance) related tasks and projects
• Work with GRC/Cybersecurity solutions, tools, and technologies
• Design or mature controls for technical areas such as Software Development, Identity and Access Management, Business Continuity and Resiliency, Cloud
• Apply industry-specific regulations, laws, and standards such as SOC 2, ISO 27001, CMMC / NIST , NIST 800-53, CCPA/CPRA, HIPAA, PCI
• Serve as an internal auditor on client audit preparation
• Coordinate and advise clients through external audits
• Continuously learn from senior consultants to develop expertise and advance within the role

Qualifications

• Humble, Hungry, Smart
• Demonstrated business and technology acumen
• Strong written and verbal communication skills
• Experience solving real business problems
• Proven track record of delivering results
• Experience working with and/or supporting a team
• Ability to work across industries, roles, functions, and technologies
• English language fluency at C1 or C2 level
• Physical presence in Mexico with valid work authorization to work in Mexico

Preferred

• Bachelor's degree
• 5+ years of professional experience
• Relevant cybersecurity, systems, or networking certifications: CC (Certified in Cybersecurity), CEH, CCNA, CompTIA Security+, GISF, GSEC, SSCP, ISACA Cybersecurity Fundamentals Certificate
• Experience across our service offerings

NICE Framework Work Roles:

• Security Control Assessment (OG-WRL-012)
  • Conduct security control assessments and audits
  • Evaluate effectiveness of security controls
  • Support SOC 2, ISO 27001, CMMC, PCI DSS assessments
  • Coordinate external audit processes
  • Document assessment findings and remediation recommendations
  • Knowledge of NIST 800-53, ISO 27001, compliance frameworks
  • Skills in security control evaluation and gap analysis
• Cybersecurity Policy and Planning (OG-WRL-002)
  • Develop cybersecurity policies, standards, and procedures
  • Create strategic roadmaps for security program maturation
  • Conduct regulatory mapping and gap assessments
  • Map requirements to compliance frameworks
  • Facilitate policy development and stakeholder engagement
  • Knowledge of NIST CSF, ISO 27001, risk management methodologies
  • Skills in policy development, regulatory mapping, strategic planning
• Systems Security Management (OG-WRL-014)
  • Manage cybersecurity programs and projects
  • Oversee security control implementation
  • Develop security metrics and risk reporting
  • Coordinate security governance activities
  • Monitor compliance with security policies
  • Knowledge of GRC tools, security operations, incident response
  • Skills in program management, security metrics, cross-functional coordination
• Privacy Compliance (OG-WRL-008)
  • Develop and maintain privacy compliance programs
  • Conduct privacy impact assessments
  • Ensure compliance with GDPR, CCPA/CPRA, HIPAA
  • Develop privacy policies and procedures
  • Coordinate privacy incident response
  • Knowledge of privacy laws, data protection principles, privacy technologies
  • Skills in privacy assessments, data mapping, privacy policy development
• Systems Authorization (OG-WRL-013)
  • Support system authorization and accreditation processes
  • Facilitate Authority to Operate (ATO) processes
  • Support Risk Management Framework implementation
  • Review security authorization documentation
  • Coordinate continuous monitoring programs
  • Knowledge of NIST SP 800-37, authorization processes
  • Skills in authorization facilitation, risk documentation, stakeholder coordination
• Security Architecture (DD-WRL-001)
  • Design security architectures and controls
  • Develop security requirements for technical systems
  • Design controls for IAM, cloud, software development, business continuity
  • Evaluate security solutions and technologies
  • Knowledge of enterprise architecture, cloud security, zero trust
  • Skills in security architecture design, technical control specification

Key Competency Areas:

• Risk Management
• Compliance
• Governance
• Security Program Management
• Privacy
• Cyber Resiliency