
Employment Opportunities

Do you thrive in a dynamic environment? Do you like challenges? Do you believe work and fun are not mutually exclusive?

Then maybe you’re the one we’re looking for. We need team players who are smart and creative, who love IT assurance, who want to grow with a growing company, and who are as comfortable talking with senior management about Information Security Management Systems and attestation strategies as they are with a developer or sysadmin about TLSv1.2.

At Pivot Point Security, we’re not necessarily looking for certifications and years of expertise. We are willing to train the right person. We’re looking for candidates who are highly intelligent, eager to learn, and cut from the finest moral fiber. While we are less concerned with skills and qualifications, we will not compromise on your ability to deliver superior results.


Current Positions Available:

Dedicated Internal Information Security Auditor

PPS is seeking a CISA to own the role of a Dedicated Internal IS Auditor for our clients.


This broad and varied role will see you develop and lead multiple risk-based Information Security audits across an extensive range of clients in many verticals. You will also have the opportunity to help our clients by vetting their ISMS, and validating current processes.

Ideal candidates will have a strong background in internal audit, ideally gained in an IT/IS related business or service provider, giving you a solid understanding of controls in a technical environment. A confident self-starter, you will be driven to succeed in a high-performance environment and be comfortable operating at both a strategic and hands-on level. Knowledge of ISO 27001 is highly desirable.

This is an excellent opportunity to step up into a leadership capacity and take full ownership of the client internal audit function for a growing and unique information assurance firm. In return, you will have the opportunity to work for a business that truly values its employees, and be part of a team with a culture second to none.

  • Performs multiple Internal Information Technology/Security audits simultaneously, including information security controls and information system applications.
  • Performs special reviews and analyses as directed by Services Director or Resource Manager.
  • Establishes the scope of work necessary to meet the audit objectives. Determines records and/or activities to analyze, and the extent of tests to apply.
  • Completes the planning work on assigned audits including a review of appropriate organizational policies and procedures and external reference material for the area under review.
  • Performs analytical reviews of data and ascertains compliance with laws, standards, and best practices.
  • Prepares detailed reports of findings and develops solid recommendations and alternative solutions to issues identified during the audit.
  • Follows appropriate departmental policies and guidelines, as well as Standards for the Professional Practice of Internal Auditing and the Institute of Internal Auditors’ Code of Ethics.

The right person HAS the following characteristics (these are “non-negotiable”):

  • Personal integrity, a highly transparent nature, and a mind-set of “mutual benefit”.
  • Thrives on and is worthy of self-managing the projects they are responsible for (micro-management is a four-letter word at PPS).
  • Has very high “Self-Expectation” (self-motivated, self-aware, self-disciplined, self-improving, and self-governed). You hold yourself to a higher standard than others do.
  • Enjoys work and life, values a balance, and is looking for a company that shares those ideals (understands that you don’t get a second chance to see your child’s first school play and that it doesn’t matter if the report gets done at 3PM or 10PM, if it gets done).
  • Highly consultative and collaborative nature; someone who enjoys helping others achieve ambitious business and information assurance goals.
  • Effectively and proactively communicates in writing/speech both internally/externally from the server room to the board room.
  • The ability to “work from anywhere” as this role is remote/virtual in nature.
  • A good sense of humor and the ability to laugh at themselves.

The right person usually has the following experience (these are somewhat negotiable):

  • Bachelor’s Degree required in Computer Science, Finance, Business or related field or equivalent work experience
  • 3-5 years of audit experience for an Information Assurance firm or professional services firm, or, relevant internal audit experience.
  • CISA is required
  • Up to 75% travel required.
  • Knowledge of information security and administration controls for client server and mainframe environments (e.g., Windows, UNIX), as well as databases (e.g., Oracle, Sybase, SQL).
  • Ability to independently research industry trends, best practices, and requirements.
  • Understand the elements of a strong internal control environment.
  • Ability to appropriately handle ethical issues in the organization.
  • Ability to effectively communicate (verbal and written) with all levels of associates.
  • Understand the symptoms of possible fraud and know the steps to take when fraud is suspected.
  • Experience should also include performance of applications, systems development life cycle, change management, and data warehouse audits.
  • Understand Disaster Recovery and Business Continuity practices.
  • Knowledge of applicable practices and laws relating to data privacy and protection.
  • Industry experience is a strong plus
  • Experience with Model Audit Rule, internal controls, and business process analysis is preferred.


Information Security Management (ISMS) Consultant - Chicago, IL

We are looking for the “right” person to lead our Cyber Liability Insurance Service Area which predominantly works in a collaborative fashion with our insurance vertical client base to help them effectively manage the risk associated with member risk. This involves building/optimizing the practices these organizations use to underwrite and manage information security risk for their members. In this role, you will spend 10 – 35% of your time at client sites and the rest of your time working from wherever you work most effectively. We will provide training/certification for the right person.


We expect this person will:

  • Meet/exceed defined contribution goals for services you will deliver.
  • Achieve target Net Promoter Scores for your service by managing client relationships.
  • Ensure 100% certification success rate on ISMS projects.
  • Earn and gain the trust and respect of the PPS team.

The right person HAS the following characteristics (these are “non-negotiable”):

  • Personal integrity, a highly transparent nature, and a mind-set of “mutual benefit”.
  • Thrives on and is worthy of self-managing the projects they are responsible for (micro-management is a four-letter word at PPS).
  • Has very high “Self-Expectation” (self-motivated, self-aware, self-disciplined, self-improving, and self-governed). You hold yourself to a higher standard than others do.
  • Enjoys work and life, values a balance, and is looking for a company that shares those ideals (understands that you don’t get a second chance to see your child’s first school play and that it doesn’t matter if the report gets done at 3PM or 10PM, if it gets done).
  • Highly consultative and collaborative nature; someone who enjoys helping others achieve ambitious business and information assurance goals.
  • Effectively and proactively communicates in writing/speech both internally/externally from the server room to the board room.
  • The ability to “work from anywhere” as this role is remote/virtual in nature.
  • A good sense of humor and the ability to laugh at themselves.

The right person usually has the following experience (these are somewhat negotiable):

  • Enough Information Technology and Information Security experience to contextualize and make their recommendations relevant and valuable.
  • Significant knowledge of ISO-27001/2 and its derivatives (e.g., HITRUST, Shared Assessment) as much of our consulting and collaboration is around an ISO-27001 Information Security Management System.
  • Solid knowledge of the NIST 800-171/FISMA framework and its derivatives (e.g., FedRAMP, CMS Information Security Program) as many of our clients serve government customers.
  • Experience working in a highly consultative manner (e.g., in a consulting firm, or across business units/functions).

The right person often has the following attributes (these are negotiable):

  • Experience in and/or a desire to contribute to PPS’s Network & Application Security practice areas (e.g., architecture/configuration reviews, Vulnerability Assessments, Penetration Tests, targeted gap assessments, Source Code Reviews).
  • Experience with the myriad of regulatory compliance frameworks our client base is subject to (e.g., HIPAA, PII, PCI-DSS, SOX, STARS, NERC-CIP).
  • Certifications that demonstrate to our clients our commitment to excellence in our craft (e.g., ISO-27001 Lead Implementer, CISA, CISSP, ISO 27001 Lead Auditor, MCSE, CEH, OSCP).
  • Familiarity with related standards (e.g., SSAE-16 SOC1, SOC2, ISO-22301, ISO-9001).


Information Security Management (ISMS) Consultant - Boston, MA

We are looking for the “right” person to lead our Cyber Liability Insurance Service Area which predominantly works in a collaborative fashion with our insurance vertical client base to help them effectively manage the risk associated with member risk. This involves building/optimizing the practices these organizations use to underwrite and manage information security risk for their members. In this role, you will spend 10 – 35% of your time at client sites and the rest of your time working from wherever you work most effectively. We will provide training/certification for the right person.


We expect this person will:

  • Meet/exceed defined contribution goals for services you will deliver.
  • Achieve target Net Promoter Scores for your service by managing client relationships.
  • Ensure 100% certification success rate on ISMS projects.
  • Earn and gain the trust and respect of the PPS team.

The right person HAS the following characteristics (these are “non-negotiable”):

  • Personal integrity, a highly transparent nature, and a mind-set of “mutual benefit”.
  • Thrives on and is worthy of self-managing the projects they are responsible for (micro-management is a four-letter word at PPS).
  • Has very high “Self-Expectation” (self-motivated, self-aware, self-disciplined, self-improving, and self-governed). You hold yourself to a higher standard than others do.
  • Enjoys work and life, values a balance, and is looking for a company that shares those ideals (understands that you don’t get a second chance to see your child’s first school play and that it doesn’t matter if the report gets done at 3PM or 10PM, if it gets done).
  • Highly consultative and collaborative nature; someone who enjoys helping others achieve ambitious business and information assurance goals.
  • Effectively and proactively communicates in writing/speech both internally/externally from the server room to the board room.
  • The ability to “work from anywhere” as this role is remote/virtual in nature.
  • A good sense of humor and the ability to laugh at themselves.

The right person usually has the following experience (these are somewhat negotiable):

  • Enough Information Technology and Information Security experience to contextualize and make their recommendations relevant and valuable.
  • Significant knowledge of ISO-27001/2 and its derivatives (e.g., HITRUST, Shared Assessment) as much of our consulting and collaboration is around an ISO-27001 Information Security Management System.
  • Solid knowledge of the NIST 800-171/FISMA framework and its derivatives (e.g., FedRAMP, CMS Information Security Program) as many of our clients serve government customers.
  • Experience working in a highly consultative manner (e.g., in a consulting firm, or across business units/functions).

The right person often has the following attributes (these are negotiable):

  • Experience in and/or a desire to contribute to PPS’s Network & Application Security practice areas (e.g., architecture/configuration reviews, Vulnerability Assessments, Penetration Tests, targeted gap assessments, Source Code Reviews).
  • Experience with the myriad of regulatory compliance frameworks our client base is subject to (e.g., HIPAA, PII, PCI-DSS, SOX, STARS, NERC-CIP).
  • Certifications that demonstrate to our clients our commitment to excellence in our craft (e.g., ISO-27001 Lead Implementer, CISA, CISSP, ISO 27001 Lead Auditor, MCSE, CEH, OSCP).
  • Familiarity with related standards (e.g., SSAE-16 SOC1, SOC2, ISO-22301, ISO-9001).


Information Security Management (ISMS) Consultant - New York, NY

We are looking for the “right” person to lead our Cyber Liability Insurance Service Area which predominantly works in a collaborative fashion with our insurance vertical client base to help them effectively manage the risk associated with member risk. This involves building/optimizing the practices these organizations use to underwrite and manage information security risk for their members. In this role, you will spend 10 – 35% of your time at client sites and the rest of your time working from wherever you work most effectively. We will provide training/certification for the right person.


We expect this person will:

  • Meet/exceed defined contribution goals for services you will deliver.
  • Achieve target Net Promoter Scores for your service by managing client relationships.
  • Ensure 100% certification success rate on ISMS projects.
  • Earn and gain the trust and respect of the PPS team.

The right person HAS the following characteristics (these are “non-negotiable”):

  • Personal integrity, a highly transparent nature, and a mind-set of “mutual benefit”.
  • Thrives on and is worthy of self-managing the projects they are responsible for (micro-management is a four-letter word at PPS).
  • Has very high “Self-Expectation” (self-motivated, self-aware, self-disciplined, self-improving, and self-governed). You hold yourself to a higher standard than others do.
  • Enjoys work and life, values a balance, and is looking for a company that shares those ideals (understands that you don’t get a second chance to see your child’s first school play and that it doesn’t matter if the report gets done at 3PM or 10PM, if it gets done).
  • Highly consultative and collaborative nature; someone who enjoys helping others achieve ambitious business and information assurance goals.
  • Effectively and proactively communicates in writing/speech both internally/externally from the server room to the board room.
  • The ability to “work from anywhere” as this role is remote/virtual in nature.
  • A good sense of humor and the ability to laugh at themselves.

The right person usually has the following experience (these are somewhat negotiable):

  • Enough Information Technology and Information Security experience to contextualize and make their recommendations relevant and valuable.
  • Significant knowledge of ISO-27001/2 and its derivatives (e.g., HITRUST, Shared Assessment) as much of our consulting and collaboration is around an ISO-27001 Information Security Management System.
  • Solid knowledge of the NIST 800-171/FISMA framework and its derivatives (e.g., FedRAMP, CMS Information Security Program) as many of our clients serve government customers.
  • Experience working in a highly consultative manner (e.g., in a consulting firm, or across business units/functions).

The right person often has the following attributes (these are negotiable):

  • Experience in and/or a desire to contribute to PPS’s Network & Application Security practice areas (e.g., architecture/configuration reviews, Vulnerability Assessments, Penetration Tests, targeted gap assessments, Source Code Reviews).
  • Experience with the myriad of regulatory compliance frameworks our client base is subject to (e.g., HIPAA, PII, PCI-DSS, SOX, STARS, NERC-CIP).
  • Certifications that demonstrate to our clients our commitment to excellence in our craft (e.g., ISO-27001 Lead Implementer, CISA, CISSP, ISO 27001 Lead Auditor, MCSE, CEH, OSCP).
  • Familiarity with related standards (e.g., SSAE-16 SOC1, SOC2, ISO-22301, ISO-9001).


Penetration Tester/Ethical Hacker

**Future Role**

Please note that we are not currently hiring for this position. Please check back soon for an application link.

We are looking for the “right” person to join our Network Services team as a Penetration Tester/Ethical Hacker to deliver a tightly knit group of penetration testing services including network, application, phishing, and physical testing to our diverse client base to complement our information assurance services.

The right person has the following characteristics (these are “non-negotiable”):

  • Personal integrity, a highly transparent nature, and a mindset of “mutual benefit”. (We don’t “sell” – we educate, collaborate and listen.)
  • Thrives on and is worthy of self-managing their work effort (micro-management is a four-letter word at PPS).
  • Very high “Self-Expectation” (self-motivated, self-aware, self-disciplined, self-improving, and self-governed). You hold yourself to a higher standard than others do.
  • A high level of attention to detail.
  • A desire to approach each opportunity as new, not using a cookie cutter or template approach.
  • Enjoys work and values family and is looking for a company that shares those ideals (understands that you don’t get a second chance to see your child’s first school play and that it doesn’t matter if the proposal gets done at 3 PM or 10 PM, if it gets done).
  • Highly consultative and collaborative nature; someone who enjoys helping others (clients and team members) achieve ambitious business and information assurance goals.
  • Effective and proactive communication skills in writing/speech. You’ll prepare proposals and SOWs, track and nurture leads, and email and talk to clients until no question is left unanswered.
  • Demonstrable computer skills and proficiency with the Microsoft Office suite of applications.
  • The mental acuity and flexibility to work in a fast-paced, sometimes interrupted, multi-tasking environment.
  • A good sense of humor and the ability to laugh at themselves because all work and no play….
  • A passion for challenges, not afraid of the “deep end of the pool”.

The right person should have the following experience (these are somewhat negotiable):

  • Ability to work collaboratively with clients to assess/improve network security via architecture reviews, Network Vulnerability Assessments, Network Penetration Testing, Firewall Rule-base Reviews, Active Directory Configuration Review, and related activities.
  • Ability to work collaboratively with clients to assess/improve application security via architecture reviews, Application Vulnerability Assessments, Application Penetration Testing, Source Code Vulnerability Assessment, Source Code Review, and related activities.
  • Ability to work collaboratively with PPS’s marketing, sales, and product development professionals to ensure that your industry and Subject Matter Expertise is reflected in our marketing materials, sales proposals, and service offerings.
  • 10% – 20% travel required.

About Pivot Point Security

We’re a small, but growing, company (45% per year growth over last 4 years), so we do our best to keep the right people at PPS (most of our team has been together for 6+ years) by aspiring to:

  • A high-performance work environment with extremely passionate, driven and experienced technical professionals. At Pivot Point Security you will find colleagues you can respect and learn from.
  • A management system where all employees participate in establishing the company’s goals/initiatives and have ready visibility into the company’s performance. We’re working hard to create processes and metrics to measure our (and your) success.
  • An environment where relationships are important, internally and externally. We provide the highest levels of customer service and strive to always exceed our clients’ expectations.
  • A competitive salary (more than most) with a F100 level benefits package (e.g., medical, dental, vision, HCFSA, 401K w/ company match, 529 College Savings, Adoption Assistance, vacation and personal days).
  • Providing individuals the opportunity to develop by giving them the resources required, surrounding them with great colleagues, and allowing them to take on new/big challenges.

As a Company, We:

  1. Tell The Truth (Honesty is almost always the best policy …)
  2. Are Responsible (Keep commitments, over-communicate, be transparent, confident, worthy of/thrive on freedom)
  3. Smile (Life is too short not to … likability is nearly as important as competence)
  4. Seek “Win-Win” (Think cooperative, not competitive – seek mutual benefit in all interactions)
  5. Consult, Educate, Don’t Sell (Every situation is unique; listen, understand, educate, and express a clear opinion)
  6. Simplify (Less is more … )
  7. Are Customer Focused (If the client isn’t happy … we didn’t deliver)