Tevora is entering into the SIXTH year of its Consultant Development Program, an immersive paid-training program designed to help you steep the technical and professional skills you’ll need to enter the workforce as a full-time Information Security Associate.
Tevora University & Mentorship Program
- Practice Disciplines and Consultant 101 taught by Managing Directors
- Taught curriculum involves independent study and hands-on project work with mentoring from experienced Consultants and Practice Leads
For the practice areas that you choose to explore, your expected activities and responsibilities include:
- Research emerging information security risk, privacy, and compliance topics for white papers and knowledge sharing
- Analysis of client organizations to investigate and identify information security risks and security control vulnerabilities
- Assist with researching risk treatment and vulnerability remediation for client reports
- Joining interviews with various clients’ subject matter experts to assist in data collection
- Assist in template and procedure creation for Compliance and Risk solutions
- Assist in report writing and delivery of client reports
- Learning about National and International standards, frameworks, and legislations that govern the industry, such as ISO 27000, SOC, HIPAA, PCI DSS, GDPR, and NIST.
Practice Areas Include:
Enterprise Risk Management
- Aid in the development and maintenance of Enterprise Risk Management programs for organizations across all industries
- Conduct Enterprise Risk Assessments and analyze potential exposure at a strategic level
- Perform Vendor Risk Assessments on behalf of client organizations
- Develop Governance frameworks and Strategies for managing information security
- Provide General Advisement Services to help organizations adequately address information security risks upon changes to strategic initiatives, projects, and infrastructure architecture
- Help organizations address exposures to risks related to the protection of Personally Identifiable Information (PII)
- Perform Privacy Impact Assessments to assess organizational risk exposure as it relates privacy
- Provide General Advisement Services to help organizations navigate privacy risks, legislation, and regulatory requirements (e.g., GDPR, CCPA, ISO 27018).
- Perform Data Mapping and analysis of Technical Infrastructure Design
- Work with hospitals, clinics, insurance companies, medical device manufacturers, and many other service organizations in the Healthcare industry to ensure the protection of Protected Healthcare Information (PHI)
- Perform organizational security posture and control assessments against Healthcare organizations to validate adequate protection of sensitive healthcare data and ensure compliance against laws and regulations such HIPAA and HITRUST.
- Provide General Advisement Services to help organizations navigate HIPAA and HITRUST compliance upon changes to strategic initiatives, projects, and infrastructure architecture.
- Support organizations across a multitude of industries in the protection of credit card data
- Perform in-depth technology and process control assessments to validate adequate protection of credit card data and ensure compliance against the Payment Card Industry Data Security Standard (PCI DSS)
- Perform Payment Application (PA-DSS) technical control assessments to validate payment processing software used within Point-of-Sale are adequately protecting credit card data via appropriate use of cryptography, authentication, secure coding practices, and other technical controls.
- Provide General Advisement Services to help organizations navigate PCI DSS compliance upon changes to strategic initiatives, projects, and infrastructure architecture.
- Work with organizations connected to the Federal Government, such as defense contractors, financial institutions, and telecommunication systems, to develop and maintain information security programs that adhere to the standards of the Federal Government.
- Conduct assessments, develop Governance programs, and provide General Advisory Services to help navigate Federal Government standards including:
- Federal Information Security Management Act (FISMA)
- Federal Risk Authorization Management Program (FedRAMP)
- Defense Federal Acquisition Regulation Supplement (DFARS)
- North American Electric Reliability Corporation (NERC)
- New York State Department of Financial Services (NERC)
Systems and Organizations Controls (SOC)
- Perform comprehensive System and Organization Controls (SOC) assessments to against service provider organizations across a multitude of industries, providing assurance of reliability and protection of all forms of sensitive data.
- Support in the remediation of security control deficiencies through the development of policies and providing business process re-engineering recommendations to ensure compliance with SOC.
- Provide Augmented Staff services, directly working within client organizations as a supporting team member to aid in the maintenance of security and compliance programs.
International Standards (ISO)
- Assess the security posture of organizations across a multitude of industries against internationally recognized ISO 27000 standards established by the International Organization for Standardization (ISO)
- Support organizations in the development of an ISO 27001 compliant Information Security Management Systems (ISMS), a systematic and iterative approach managing organizational risk for all forms of sensitive data.
- Aid organizations in aligning their ISMS with ISO 27018, a globally recognized standard designed to ensure security and privacy of Personally Identifiable Information (PII) within Cloud applications or services.
Cloud Security (CSA STAR)
- Aid organizations Cloud Service organizations CSA Security, Trust & Assurance Registry (CSA STAR), the cloud security framework established by the Cloud Security Alliance (CSA)
- Conduct security control assessments against Cloud Service environments to attest that security mechanisms align with the CSA STAR framework
- Support in designing a consolidated Information Security Management System (ISMS) fulfills both the CSA STAR and ISO 27001 standards, which are two standards that are tightly aligned with each other.
The Developing Consultant (DC) is an up-and-coming part of the client-facing consulting team. DCs are responsible for helping in conducting project delivery activities based on their selected Tevora Information Security practice areas including: Enterprise Risk, Compliance, Solutions Implementation, and Threat Research. Interns are expected to continually develop their skills through personal development and Information Security industry participation.
- Developing the technical and business skills required to perform billable work on projects as quickly as possible
- Learning about industry-standard certifications and their benefits
- Learning about National and International standards and frameworks like PCI-DSS, HIPAA, and ISO 27001
- Observing Implementations of enterprise security solutions
- Observing and helping with internal and external penetration testing and social engineering projects
Every DC at Tevora is a technologist at heart but understands the critical intersection between business and technology. Foundationally, the ideal candidate will have basic familiarity with:
- Networking concepts like firewalls, routers, switches, and DNS
- Computer troubleshooting and server systems administration
- Business planning and accounting
- Any knowledge of compliance frameworks is a plus
- Multi-tasking and time management skills
- Dynamic, enthusiastic, and excellent interpersonal skills
- Excellent writing both expository and technical documentation
- Intermediate working knowledge of Excel and Word
- Self-starter who likes to tinker and learn on their own
Education and Experience
- Bachelor’s Degree from an accredited 4-year university (or Military equivalent)
- Currently enrolled at an accredited 4-year university (or Military equivalent)
- IT and Information Security certifications a plus
- Valid driver’s license as driving will be required in this role
- Eligible to work in the United States
Tevora is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
Thank you for your interest in our Consultant Development Program (CDP). If you are selected for this program, you will become a Developing Consultant with us. This opportunity will challenge and motivate both your aptitude and attitude in Cyber Security. Successful completion of our program as a Developing Consultant may lead to a full-time offer as an entry-level Information Security Associate.