Consultant Development Program (Winter) - Tevora
Irvine, CA
About the Job
Consultant Development Program (Winter)
at Tevora
Irvine, CA and Fairfax, VA - DC Local
January 22nd, 2024, to April 4th, 2024.
If you haven't heard of Tevora, it's because we've done our job!
Tevora is a tight-knit community of professionals with a shared passion for our craft. Every day, we combine in-depth knowledge of cybersecurity, technology, and compliance to help create more secure digital environments. To Tevorans, every problem is a puzzle in need of solving. We strongly believe that if we put smart, driven people in a room together, they will accomplish great things. We maintain a supportive culture that celebrates continuous learning, diverse perspectives, and sharing the wins. That's why we have our eyes on you.
What's the role? We are pleased to announce we are opening our Consultant Development Program our program is an immersive paid-training program designed to help you strengthen the technical and professional skills you'll need to enter the workforce as a full-time Information Security Associate. Our anticipated start date of this cohort will begin on Jan 22nd, 2025, to Apr 5th, 2025. Tevora University & Mentorship Program
- Practice Disciplines and Consultant 101 taught by Managing Directors
- Taught curriculum involves independent study and hands-on project work with mentoring from experienced Consultants and Practice Leads
A day in the life could include:
For the practice areas that you choose to explore, your expected activities and responsibilities include:
- Research emerging information security risk, privacy, and compliance topics for white papers and knowledge sharing
- Analysis of client organizations to investigate and identify information security risks and security control vulnerabilities
- Assist with researching risk treatment and vulnerability remediation for client reports
- Joining interviews with various clients' subject matter experts to assist in data collection
- Assist in template and procedure creation for Compliance and Risk solutions
- Assist in report writing and delivery of client reports
- Learning about National and International standards, frameworks, and legislations that govern the industry, such as ISO 27000, SOC, HIPAA, PCI DSS, GDPR, and NIST.
Please review our different practice areas:
Federal (FED)
- Work with organizations connected to the Federal Government, such as defense contractors, financial institutions, and telecommunication systems, to develop and maintain information security programs that adhere to the standards of the Federal Government.
- Conduct assessments, develop Governance programs, and provide General Advisory Services to help navigate Federal Government standards including:
- Federal Information Security Management Act (FISMA)
- Federal Risk Authorization Management Program (FedRAMP)
- Defense Federal Acquisition Regulation Supplement (DFARS)
- North American Electric Reliability Corporation (NERC)
- New York State Department of Financial Services (NYDFS) Cybersecurity Maturity Model (CMMC)State Risk Authorization Management Program (StateRAMP)
Solutions (SOL)
- Plan technical execution plans to meet business requirements
- Gather requirements to complete execution plans
- Execute on previously designed plans
- Document execution procedures and provide professional insights into technologies involved
- Assist Consultants with client engagements
Healthcare (HLC)
- Work with hospitals, clinics, insurance companies, medical device manufacturers, and many other technologies service organizations in the Healthcare industry to ensure the protection of Protected Healthcare Information (PHI)
- Perform organizational security posture and control assessments against Healthcare organizations to validate adequate protection of sensitive healthcare data and ensure compliance against HIPAA and HITRUST.
- Provide General Advisement Services to help organizations navigate and implement HIPAA and HITRUST compliance upon changes to strategic initiatives, projects, and infrastructure architecture.
Threat (TRT)
- Participate in Internal and External network penetration tests
- Participate in Web application penetration tests
- Study penetration testing methodologies and spend time in training labs
- Shadowing of penetration testers and learning in real-world scenarios
- Remediation validation and reporting support
- Writing executive and technical summaries of test results and activities
- Communication of test status and findings with clients
- Complete other tasks as assigned by your assigned Mentor or Team Lead
International Organization for Standardization (ISO)
- Joining interviews with various clients' subject matter experts to assist in data collection
- Assist in template and procedure creation for ISO Compliance and Risk solutions
- Assist in report writing and delivery of client reports
- Learning about National and International standards, frameworks, and legislations that govern the industry, such as ISO 27000 series (e.g., 27001, 27017, 27018, 27701, etc.), ISO 22301, ISO 42001, and other international standards
- Assess the security posture of organizations across a multitude of industries against internationally recognized ISO 27000 series standards established by the International Organization for Standardization (ISO)
- Support organizations in the development of an ISO 27001 compliant Information Security Management Systems (ISMS), a systematic and iterative approach managing organizational risk for all forms of sensitive data.
- Aid organizations in aligning their ISMS with ISO 27018 and 27701, a globally recognized standard designed to ensure security and privacy of Personally Identifiable Information (PII) within Cloud applications or services.
- Support organizations in the development of an ISO 22301 compliant Business Continuity Management Systems (BCMS), a systematic and iterative approach managing organizational business and disaster recovery.
Payments (PYT)
- Support organizations across a multitude of industries in the protection of credit card data
- Perform in-depth technology and process control assessments to validate adequate protection of credit card data and ensure compliance against the Payment Card Industry Data Security Standard (PCI DSS)
- Perform Payment Application (PA-DSS) technical control assessments to validate payment processing software used within Point-of-Sale are adequately protecting credit card data via appropriate use of cryptography, authentication, secure coding practices, and other technical controls.
- Provide General Advisement Services to help organizations navigate PCI DSS compliance upon changes to strategic initiatives, projects, and infrastructure architecture.
Systems and Organizations Controls (SOC)
- Perform comprehensive System and Organization Controls (SOC) assessments to against service provider organizations across a multitude of industries, providing assurance of reliability and protection of all forms of sensitive data.
- Support in the remediation of security control deficiencies through the development of policies and providing business process re-engineering recommendations to ensure compliance with SOC.
- Provide Augmented Staff services, directly working within client organizations as a supporting team member to aid in the maintenance of security and compliance programs.
Necessary skills and qualifications:
The Developing Consultant (DC) is an up-and-coming part of the client-facing consulting team. DCs are responsible for helping in conducting project delivery activities based on their selected Tevora Information Security practice areas including: Enterprise Risk, Compliance, Solutions Implementation, and Threat Research. Interns are expected to continually develop their skills through personal development and Information Security industry participation.
Key Responsibilities
- Developing the technical and business skills required to perform billable work on projects as quickly as possible
- Learning about industry-standard certifications and their benefits
- Learning about National and International standards and frameworks like PCI-DSS, HIPAA, and ISO 27001
- Observing Implementations of enterprise security solutions
- Observing and helping with internal and external penetration testing and social engineering projects
Requirements
Every DC at Tevora is a technologist at heart but understands the critical intersection between business and technology. Foundationally, the ideal candidate will have basic familiarity with:
- Networking concepts like firewalls, routers, switches, and DNS
- Computer troubleshooting and server systems administration
- Business planning and accounting
- Any knowledge of compliance frameworks is a plus
Abilities
- Multi-tasking and time management skills
- Dynamic, enthusiastic, and excellent interpersonal skills
- Excellent writing both expository and technical documentation
- Intermediate working knowledge of Excel and Word
- Self-starter who likes to tinker and learn on their own
Education and Experience
- Bachelor's Degree from an accredited 4-year university (or Military equivalent)
- Currently enrolled at an accredited 4-year university (or Military equivalent)
- IT, Cybersecurity, and Information Security certifications a plus
We've got you covered!
- Sick Time Off
- Vibrant work culture
- Career advancement opportunities
Additional requirements:
- A valid driver's license is required.
- Eligibility to work in the United States.
- Required to work onsite at our Fairfax, VA or Irvine, CA location.
Thank you for your interest in our Consultant Development Program (CDP). If you are selected for this program, you will become a Developing Consultant with us. This opportunity will challenge and motivate both your aptitude and attitude in Cyber Security. Successful completion of our program as a Developing Consultant may lead to a full-time offer as an entry-level Information Security Associate.
EEOC Statement
Tevora is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, disability status, or other applicable legally protected characteristics.