
Employment Opportunities

Do you thrive in a dynamic environment? Do you like challenges? Do you believe work and fun are not mutually exclusive?

Then maybe, you’re the one we’re looking for. We need team players who are smart and creative, who love IT assurance and who want to grow with a growing company: who are as comfortable talking with senior management about Information Security Management Systems and attestation strategies as they are with a developer or sysadmin about TLSv1.2.

Current Positions Available

At Pivot Point Security, we’re not necessarily looking for certifications and years of expertise. We are willing to train the right person. We’re looking for candidates who are highly intelligent, eager to learn, and cut from the finest moral fiber. While we are less concerned with skills and qualifications, we will not compromise on your ability to deliver superior results.

Click here for more information on working at Pivot Point Security, or apply to a position below.

GDPR and Privacy Consultant

We are looking for the “right” person to join our team as a GRC Consultant, focusing on Privacy, Privacy Shield and GDPR. This person will work in a collaborative fashion with our clients, providing services related to a broad range of privacy disciplines (including compliance assessments, program design, and policy development) and helping them manage Information Security & compliance risk as well as prove the same to management and customers. In this role, you will spend 10 – 35% of your time at client sites and the rest of your time working from wherever you work most effectively. We will provide training/certification for the right person.

We expect this person will:

  • Meet/exceed defined contribution goals for services you will deliver.
  • Achieve target Net Promoter Scores for your service by managing client relationships.
  • Ensure 100% certification success rate on GDPR and Privacy projects.
  • Earn and gain the trust and respect of the PPS team.

The right person HAS the following characteristics (these are “non-negotiable”):

  • Personal integrity, a highly transparent nature, and a mindset of “mutual benefit”.
  • Thrives on and is worthy of self-managing the projects they are responsible for (micro-management is a four-letter word at PPS).
  • Has very high “Self-Expectation” (self-motivated, self-aware, self-disciplined, self-improving, and self-governed). You hold yourself to a higher standard than others do.
  • Enjoys work and life, values a balance, and is looking for a company that shares those ideals (understands that you do not get a second chance to see your child’s first school play and that it does not matter if the report gets done at 3 PM or 10 PM, if it gets done).
  • Highly consultative and collaborative nature; someone who enjoys helping others achieve ambitious business and information assurance goals.
  • Effectively and proactively communicates in writing/speech both internally/externally from the server room to the boardroom.
  • The ability to “work from anywhere” as this role is remote/virtual in nature.
  • A good sense of humor and the ability to laugh at themselves.

The right person usually has the following experience (these are somewhat negotiable):

  • Enough Information Technology and Information Security experience to contextualize and make their recommendations relevant and valuable.
  • Significant knowledge of federal and state privacy rules and regulations.
  • Experience evaluating client compliance with common industry standards and regulations.
  • Significant knowledge of Privacy and its derivatives: GDPR, Privacy Shield.
  • Solid knowledge of the NIST 800-171/FISMA framework and its derivatives (e.g., FedRAMP, CMS Information Security Program) as many of our clients serve government customers.
  • Experience working in a highly consultative manner (e.g., in a consulting firm, or across business units/functions).

The right person often has the following attributes (these are negotiable):

  • 3+ years working as a Data Privacy consultant.
  • Experience interpreting federal and state privacy regulations.
  • Experience in and/or a desire to contribute to PPS’s Network & Application Security practice areas (e.g., architecture/configuration reviews, Vulnerability Assessments, Penetration Tests, targeted gap assessments, Source Code Reviews).
  • Experience with the myriad of regulatory compliance frameworks our client base is subject to (e.g., HIPAA, PII, PCI-DSS, SOX, STARS, NERC-CIP).
  • Certifications that demonstrate to our clients our commitment to excellence in our craft (e.g., ISO 27001 Lead Implementer, CISA, CISSP, ISO 27001 Lead Auditor, MCSE, CEH, OSCP).
  • Familiarity with related standards (e.g., SSAE-16 SOC1, SOC2, ISO-22301, ISO-9001).

About Pivot Point Security

We’re a small, but growing, company. So, we do our best to keep the right people at PPS (most of our team has been together for 6+ years) by aspiring to:

  • A high-performance work environment with extremely passionate, driven and experienced technical professionals. At Pivot Point Security, you will find colleagues you can respect and learn from.
  • A management system where all employees participate in establishing the company’s goals/initiatives and have ready visibility into the company’s performance. We’re working hard to create processes and metrics to measure our (and your) success.
  • An environment where relationships are important, internally and externally. We provide the highest levels of customer service and strive to always exceed our clients’ expectations.
  • A competitive salary (more than most) with an F100 level benefits package (e.g., medical, dental, vision, HCFSA, 401K w/ company match, 529 College Savings, Adoption Assistance, vacation and personal days).
  • Providing individuals the opportunity to develop by giving them the resources required, surrounding them with great colleagues, and allowing them to take on new/big challenges.

As a Company, We:

  1. Tell the Truth (Honesty is almost always the best policy)
  2. Do The Right Thing (Keep commitments, over-communicate, be transparent, confident, worthy of/thrive on freedom)
  3. Smile (Life is too short not to … likeability is nearly as important as competence)
  4. Seek “Win-Win” (Think cooperative, not competitive – seek mutual benefit in all interactions)
  5. Consult, Educate (Every situation is unique; listen, understand, educate, and express a clear opinion)
  6. Simplify (Less is more …)
  7. Are Customer Focused

GRC Consultant (Atlanta, GA Area)

We are looking for the “right” person to join our team as a GRC (Governance, Risk Management and Compliance) Consultant to work in a collaborative fashion with our clients to help them manage Information Security & compliance risk as well as prove the same to management and customers. In this role, you will spend 10 – 35% of your time at client sites and the rest of your time working from wherever you work most effectively. We will provide training/certification for the right person.

We expect this person will:

  • Meet/exceed defined contribution goals for services you will deliver.
  • Achieve target Net Promoter Scores for your service by managing client relationships.
  • Ensure 100% certification success rate on ISMS projects.
  • Earn and gain the trust and respect of the PPS team.

The right person HAS the following characteristics (these are “non-negotiable”):

  • Personal integrity, a highly transparent nature, and a mindset of “mutual benefit”.
  • Thrives on and is worthy of self-managing the projects they are responsible for (micro-management is a four-letter word at PPS).
  • Has very high “Self-Expectation” (self-motivated, self-aware, self-disciplined, self-improving, and self-governed). You hold yourself to a higher standard than others do.
  • Enjoys work and life, values a balance, and is looking for a company that shares those ideals (understands that you do not get a second chance to see your child’s first school play and that it does not matter if the report gets done at 3 PM or 10 PM, if it gets done).
  • Highly consultative and collaborative nature; someone who enjoys helping others achieve ambitious business and information assurance goals.
  • Effectively and proactively communicates in writing/speech both internally/externally from the server room to the boardroom.
  • The ability to “work from anywhere” as this role is remote/virtual in nature.
  • A good sense of humor and the ability to laugh at themselves.

The right person usually has the following experience (these are somewhat negotiable):

  • Enough Information Technology and Information Security experience to contextualize and make their recommendations relevant and valuable.
  • Experience and knowledge with Governance, Risk Management and Compliance.
  • Significant knowledge of ISO 27001/2 and its derivatives (e.g., HITRUST, Shared Assessment) as much of our consulting and collaboration is around an ISO 27001 Information Security Management System.
  • Solid knowledge of the NIST 800-171/FISMA framework and its derivatives (e.g., FedRAMP, CMS Information Security Program) as many of our clients serve government customers.
  • Experience working in a highly consultative manner (e.g., in a consulting firm, or across business units/functions).

The right person often has the following attributes (these are negotiable):

  • Experience in and/or a desire to contribute to PPS’s Network & Application Security practice areas (e.g., architecture/configuration reviews, Vulnerability Assessments, Penetration Tests, targeted gap assessments, Source Code Reviews).
  • Experience with the myriad of regulatory compliance frameworks our client base is subject to (e.g., HIPAA, PII, PCI-DSS, SOX, STARS, NERC-CIP).
  • Certifications that demonstrate to our clients our commitment to excellence in our craft (e.g., ISO 27001 Lead Implementer, CISA, CISSP, ISO 27001 Lead Auditor, MCSE, CEH, OSCP).
  • Familiarity with related standards (e.g., SSAE-16 SOC1, SOC2, ISO-22301, ISO-9001).

Information Security Auditor

We are looking for the “right” person to join our team as an Internal Information Security Auditor to work in a collaborative fashion with our clients to help them manage information security & compliance risk by developing and leading risk-based audits.  You will provide value to our clients by ensuring information security processes are effective and achieve organizational objectives. In this role, you will spend 50 – 70% of your time at client sites and the rest of your time working from wherever you work most effectively.  We will provide training/certification for the right person.

This is an excellent opportunity to contribute to a growing and unique information assurance firm and its diverse national client base.  In return, you will have the opportunity to work for a business that truly values its employees, and be part of a team with a culture second to none.

We expect this person will:

  • Meet/exceed defined contribution goals for services you will deliver.
  • Achieve target Net Promoter Scores for your service by exhibiting superior client relationship skills.
  • Perform Internal Information Technology/Security audits across multiple customers and diverse standards (e.g. 27000 Series, SOC2, NIST, HIPAA, PCI, Privacy).
  • Earn and gain the trust and respect of the PPS team.

The right person HAS the following characteristics (these are “non-negotiable”):

  • Personal integrity, a highly transparent nature, and a mindset of “mutual benefit”.
  • Thrives on and is worthy of self-managing the projects they are responsible for (micro-management is a four-letter word at PPS).
  • Has very high “Self-Expectation” (self-motivated, self-aware, self-disciplined, self-improving, and self-governed). You hold yourself to a higher standard than others do.
  • Enjoys work and life, values a balance, and is looking for a company that shares those ideals (understands that you don’t get a second chance to see your child’s first school play and that it doesn’t matter if the report gets done at 3 PM or 10 PM, if it gets done).
  • Highly consultative and collaborative nature; someone who enjoys helping others achieve ambitious business and information assurance goals.
  • Effectively and proactively communicates in writing/speech both internally/externally from the server room to the boardroom.
  • The ability to “work from anywhere” as this role is remote/virtual in nature.
  • A good sense of humor and the ability to laugh at themselves.

The right person usually has the following experience (these are somewhat negotiable):

  • Enough Information Technology and Information Security experience to effectively assess the design and operation of information security frameworks.
  • Significant knowledge of ISO-27001/2 and its derivatives (e.g., HITRUST, Shared Assessment) as much of our consulting and auditing is around an ISO-27001 Information Security Management System.
  • Solid knowledge of the NIST 800-171/FISMA framework and its derivatives (e.g., FedRAMP, CMS 800-171, NCSF) as many of our clients serve government customers.
  • Experience working in a highly analytical yet consultative manner (e.g., in a consulting firm, or across business units/functions).
  • 3-5 years of audit experience for an Information Assurance firm or professional services firm, or relevant internal audit experience.

The right person often has the following attributes (these are negotiable):

  • Experience with the myriad of regulatory compliance frameworks our client base is subject to (e.g., HIPAA, PII, PCI-DSS, SOX, STARS, NERC-CIP).
  • Certifications that demonstrate to our clients our commitment to excellence in our craft (e.g., ISO 27001 Lead Implementer, CISA, CISSP, ISO 27001 Lead Auditor).
  • Familiarity with related standards (e.g., SSAE-16 SOC1, SOC2, ISO-22301, ISO-9001).

Third Party Risk Management Consultant, TPRM

We are looking for the “right” person to join our team as a TPRM (Third Party Risk Management) Consultant to work in a collaborative fashion with our clients to help them manage Information Security & Compliance Risk related to their use of suppliers and other third parties. We have both remote and on-site assessment positions available.  In the on-site assessment role, you may spend 10 – 35% of your time at client sites and the rest of your time working from wherever you work most effectively. In the remote assessment role, you will work from wherever you work most effectively. We will provide training/certification for the right person.

We expect this person will:

  • Meet/exceed defined contribution goals for services you will deliver.
  • Achieve target Net Promoter Scores for your service by managing client relationships.
  • Earn and gain the trust and respect of the PPS team.

The right person HAS the following characteristics (these are “non-negotiable”):

  • Personal integrity, a highly transparent nature, and a mind-set of “mutual benefit”.
  • Thrives on and is worthy of self-managing the projects for which they are responsible (micro-management is a four-letter word at PPS).
  • Has very high “Self-Expectation” (self-motivated, self-aware, self-disciplined, self-improving, and self-governed). You hold yourself to a higher standard than others do.
  • Enjoys work and life, values a balance, and is looking for a company that shares those ideals (understands that you do not get a second chance to see your child’s first school play and that it does not matter if the report gets done at 3PM or 10PM, if it gets done).
  • Highly consultative and collaborative nature; someone who enjoys helping others achieve ambitious business and information assurance goals.
  • Effectively and proactively communicates in writing/speech both internally/externally from the server room to the board room.
  • The ability to “work from anywhere” as this role is remote/virtual in nature.
  • A good sense of humor and the ability to laugh at themselves.

The right person usually has the following experience (these are somewhat negotiable):

  • Enough Information Technology and Information Security experience to contextualize and make their recommendations relevant and valuable.
  • Experience (2-5 years) and knowledge of Third Party Risk Management, including the performance of supplier reviews.
  • Experience working in a regulated industry (banking, finance, healthcare).
  • Experience working in a highly consultative manner (e.g., in a consulting firm, or across business units/functions).
  • A Bachelor’s degree in IT, Business, or a related field.

The right person often has the following attributes (these are negotiable):

  • Experience with third party risk-related frameworks our client base is subject to (e.g., OCC 2013-29, HIPAA, PII, PCI-DSS, SOX).
  • Certifications that demonstrate to our clients our commitment to excellence in our craft (e.g., CISA, CISSP, Security+, CTPRP, CRMA).
  • Familiarity with related standards (e.g., SSAE-18 SOC1, SOC2, ISO-22301, ISO-9001).

Third Party Risk Management Service Lead

We are looking for the “right” person to join our team as a TPRM (Third Party Risk Management) Service Lead to work in a collaborative fashion with our clients to help them manage Information Security & Compliance Risk related to their use of suppliers and other third parties. We have both remote and on-site assessment positions available.  In the on-site assessment role, you may spend 10 – 35% of your time at client sites and the rest of your time working from wherever you work most effectively. In the remote assessment role, you will work from wherever you work most effectively. We will provide training/certification for the right person.

We expect this person will:

  • Meet/exceed defined contribution goals for services you will deliver.
  • Achieve target Net Promoter Scores for your service by managing client relationships.
  • Earn and gain the trust and respect of the PPS team.

The right person HAS the following characteristics (these are “non-negotiable”):

  • Personal integrity, a highly transparent nature, and a mindset of “mutual benefit”.
  • Thrives on and is worthy of self-managing the projects for which they are responsible (micro-management is a four-letter word at PPS).
  • Has very high “Self-Expectation” (self-motivated, self-aware, self-disciplined, self-improving, and self-governed). You hold yourself to a higher standard than others do.
  • Enjoys work and life, values a balance, and is looking for a company that shares those ideals (understands that you do not get a second chance to see your child’s first school play and that it does not matter if the report gets done at 3 PM or 10 PM, if it gets done).
  • Highly consultative and collaborative nature; someone who enjoys helping others achieve ambitious business and information assurance goals.
  • Effectively and proactively communicates in writing/speech both internally/externally from the server room to the boardroom.
  • The ability to “work from anywhere” as this role is remote/virtual in nature.
  • A good sense of humor and the ability to laugh at themselves.

The right person usually has the following experience (these are somewhat negotiable):

  • Enough Information Technology and Information Security experience to contextualize and make their recommendations relevant and valuable.
  • Experience (4-6 years) and knowledge of Third Party Risk Management, including the performance of supplier reviews.
  • Experience developing and delivering a TPRM service.
  • Experience working in a regulated industry (banking, finance, healthcare).
  • Experience working in a highly consultative manner (e.g., in a consulting firm, or across business units/functions).
  • A Bachelor’s degree in IT, Business, or a related field.

The right person often has the following attributes (these are negotiable):

  • Experience with third party risk-related frameworks our client base is subject to (e.g., OCC 2013-29, HIPAA, PII, PCI-DSS, SOX).
  • Certifications that demonstrate to our clients our commitment to excellence in our craft (e.g., CISA, CISSP, Security+, CTPRP, CRMA).
  • Familiarity with related standards (e.g., SSAE-18 SOC1, SOC2, ISO-22301, ISO-9001).

Future Positions:

GRC Consultant (San Francisco, CA Area)

**Future Role** 

Please note that we are not currently hiring for this position. Please check back soon for an application link.


We are looking for the “right” person to join our team as a GRC (Governance, Risk Management and Compliance) Consultant to work in a collaborative fashion with our clients to help them manage Information Security & compliance risk as well as prove the same to management and customers. In this role, you will spend 10 – 35% of your time at client sites and the rest of your time working from wherever you work most effectively. We will provide training/certification for the right person.

We expect this person will:

  • Meet/exceed defined contribution goals for services you will deliver.
  • Achieve target Net Promoter Scores for your service by managing client relationships.
  • Ensure 100% certification success rate on ISMS projects.
  • Earn and gain the trust and respect of the PPS team.

The right person HAS the following characteristics (these are “non-negotiable”):

  • Personal integrity, a highly transparent nature, and a mindset of “mutual benefit”.
  • Thrives on and is worthy of self-managing the projects they are responsible for (micro-management is a four-letter word at PPS).
  • Has very high “Self-Expectation” (self-motivated, self-aware, self-disciplined, self-improving, and self-governed). You hold yourself to a higher standard than others do.
  • Enjoys work and life, values a balance, and is looking for a company that shares those ideals (understands that you do not get a second chance to see your child’s first school play and that it does not matter if the report gets done at 3 PM or 10 PM, if it gets done).
  • Highly consultative and collaborative nature; someone who enjoys helping others achieve ambitious business and information assurance goals.
  • Effectively and proactively communicates in writing/speech both internally/externally from the server room to the boardroom.
  • The ability to “work from anywhere” as this role is remote/virtual in nature.
  • A good sense of humor and the ability to laugh at themselves.

The right person usually has the following experience (these are somewhat negotiable):

  • Enough Information Technology and Information Security experience to contextualize and make their recommendations relevant and valuable.
  • Experience and knowledge with Governance, Risk Management and Compliance.
  • Significant knowledge of ISO 27001/2 and its derivatives (e.g., HITRUST, Shared Assessment) as much of our consulting and collaboration is around an ISO 27001 Information Security Management System.
  • Solid knowledge of the NIST 800-171/FISMA framework and its derivatives (e.g., FedRAMP, CMS Information Security Program) as many of our clients serve government customers.
  • Experience working in a highly consultative manner (e.g., in a consulting firm, or across business units/functions).

The right person often has the following attributes (these are negotiable):

  • Experience in and/or a desire to contribute to PPS’s Network & Application Security practice areas (e.g., architecture/configuration reviews, Vulnerability Assessments, Penetration Tests, targeted gap assessments, Source Code Reviews).
  • Experience with the myriad of regulatory compliance frameworks our client base is subject to (e.g., HIPAA, PII, PCI-DSS, SOX, STARS, NERC-CIP).
  • Certifications that demonstrate to our clients our commitment to excellence in our craft (e.g., ISO 27001 Lead Implementer, CISA, CISSP, ISO 27001 Lead Auditor, MCSE, CEH, OSCP).
  • Familiarity with related standards (e.g., SSAE-16 SOC1, SOC2, ISO-22301, ISO-9001).

Information Security Management (ISMS) Consultant - New York, NY

**Future Role** 

Please note that we are not currently hiring for this position. Please check back soon for an application link.


 

We are looking for the “right” person to lead our Cyber Liability Insurance Service Area which predominantly works in a collaborative fashion with our insurance vertical client base to help them effectively manage the risk associated with member risk. This involves building/optimizing the practices these organizations use to underwrite and manage information security risk for their members. In this role, you will spend 10 – 35% of your time at client sites and the rest of your time working from wherever you work most effectively. We will provide training/certification for the right person.

We expect this person will:

  • Meet/exceed defined contribution goals for services you will deliver.
  • Achieve target Net Promoter Scores for your service by managing client relationships.
  • Ensure 100% certification success rate on ISMS projects.
  • Earn and gain the trust and respect of the PPS team.

The right person HAS the following characteristics (these are “non-negotiable”):

  • Personal integrity, a highly transparent nature, and a mind-set of “mutual benefit”.
  • Thrives on and is worthy of self-managing the projects they are responsible for (micro-management is a four-letter word at PPS).
  • Has very high “Self-Expectation” (self-motivated, self-aware, self-disciplined, self-improving, and self-governed). You hold yourself to a higher standard than others do.
  • Enjoys work and life, values a balance, and is looking for a company that shares those ideals (understands that you don’t get a second chance to see your child’s first school play and that it doesn’t matter if the report gets done at 3PM or 10PM, if it gets done).
  • Highly consultative and collaborative nature; someone who enjoys helping others achieve ambitious business and information assurance goals.
  • Effectively and proactively communicates in writing/speech both internally/externally from the server room to the board room.
  • The ability to “work from anywhere” as this role is remote/virtual in nature.
  • A good sense of humor and the ability to laugh at themselves.

The right person usually has the following experience (these are somewhat negotiable):

  • Enough Information Technology and Information Security experience to contextualize and make their recommendations relevant and valuable.
  • Significant knowledge of ISO-27001/2 and its derivatives (e.g., HITRUST, Shared Assessment) as much of our consulting and collaboration is around an ISO-27001 Information Security Management System.
  • Solid knowledge of the NIST 800-171/FISMA framework and its derivatives (e.g., FedRAMP, CMS Information Security Program) as many of our clients serve government customers.
  • Experience working in a highly consultative manner (e.g., in a consulting firm, or across business units/functions).

The right person often has the following attributes (these are negotiable):

  • Experience in and/or a desire to contribute to PPS’s Network & Application Security practice areas (e.g., architecture/configuration reviews, Vulnerability Assessments, Penetration Tests, targeted gap assessments, Source Code Reviews).
  • Experience with the myriad of regulatory compliance frameworks our client base is subject to (e.g., HIPAA, PII, PCI-DSS, SOX, STARS, NERC-CIP).
  • Certifications that demonstrate to our clients our commitment to excellence in our craft (e.g., ISO-27001 Lead Implementer, CISA, CISSP, ISO 27001 Lead Auditor, MCSE, CEH, OSCP).
  • Familiarity with related standards (e.g., SSAE-16 SOC1, SOC2, ISO-22301, ISO-9001).

Penetration Tester/Ethical Hacker

**Future Role** 

Please note that we are not currently hiring for this position. Please check back soon for an application link.


 

We are looking for the “right” person to join our Network Services team as a Penetration Tester/Ethical Hacker to deliver a tightly knit group of penetration testing services including network, application, phishing, and physical testing to our diverse client base to complement our information assurance services.

The right person has the following characteristics (these are “non-negotiable”):

  • Personal integrity, a highly transparent nature, and a mindset of “mutual benefit”. (We don’t “sell” – we educate, collaborate and listen.)
  • Thrives on and is worthy of self-managing their work effort (micro-management is a four-letter word at PPS).
  • Very high “Self-Expectation” (self-motivated, self-aware, self-disciplined, self-improving, and self-governed). You hold yourself to a higher standard than others do.
  • A high level of attention to detail.
  • A desire to approach each opportunity as new, not using a cookie cutter or template approach.
  • Enjoys work and values family and is looking for a company that shares those ideals (understands that you don’t get a second chance to see your child’s first school play and that it doesn’t matter if the proposal gets done at 3 PM or 10 PM, if it gets done).
  • Highly consultative and collaborative nature; someone who enjoys helping others (clients and team members) achieve ambitious business and information assurance goals.
  • Effective and proactive communication skills in writing/speech. You’ll prepare proposals and SOWs, track and nurture leads, and email and talk to clients until no question is left unanswered.
  • Demonstrable computer skills and proficiency with the Microsoft Office suite of applications.
  • The mental acuity and flexibility to work in a fast-paced, sometimes interrupted, multi-tasking environment.
  • A good sense of humor and the ability to laugh at themselves because all work and no play….
  • A passion for challenges, not afraid of the “deep end of the pool”.

The right person should have the following experience (these are somewhat negotiable):

  • Ability to work collaboratively with clients to assess/improve network security via architecture reviews, Network Vulnerability Assessments, Network Penetration Testing, Firewall Rule-base Reviews, Active Directory Configuration Review, and related activities.
  • Ability to work collaboratively with clients to assess/improve application security via architecture reviews, Application Vulnerability Assessments, Application Penetration Testing, Source Code Vulnerability Assessment, Source Code Review, and related activities.
  • Ability to work collaboratively with PPS’s marketing, sales, and product development professionals to ensure that your industry and Subject Matter Expertise is reflected in our marketing materials, sales proposals, and service offerings.
  • 10% – 20% travel required.

Security Awareness Education Service Lead

**Future Role** 

Please note that we are not currently hiring for this position. Please check back soon for an application link.


Do you thrive in a dynamic environment? Do you like challenges? Does educating others about Information Security excite you? Do you believe work and fun are not mutually exclusive?

We are looking for the “right” person to join our team as our Security Awareness Education Training Service Lead to work in a collaborative fashion with our clients and team to help them manage information security & compliance risk through SAET. In this role, you will establish the strategic direction for the SAE service and deliver those services to our clients’ satisfaction. This role will require you to spend 10 – 35% of your time at client sites and the rest of your time working from wherever you work most effectively. We will provide training/certification for the right person.

Culture: Non-negotiable characteristics vital to success in any role with PPS

  • Personal integrity, a highly transparent nature, and a mind-set of “mutual benefit”.
  • Thrives on and is worthy of self-managing the work they are responsible for (micro-management is a four-letter word at PPS).
  • Has very high “Self-Expectation” (self-motivated, self-aware, self-disciplined, self-improving, and self-governed). You hold yourself to a higher standard than others do.
  • Enjoys and values a work-life balance and is looking for a company that shares those ideals (understands that you don’t get a second chance to see your child’s first school play and that it doesn’t matter if the report gets done at 3PM or 10PM, as long as it gets done).
  • Highly consultative and collaborative nature; someone who enjoys helping others achieve ambitious business and information assurance goals.
  • Effectively and proactively communicates in writing/speech both internally/externally.
  • The ability to “work from anywhere” as this role is possibly remote/virtual in nature.
  • A good sense of humor and the ability to laugh at themselves.

Outcomes: We expect the right person will:

  • Establish the strategic direction for the SAE service (including tools, partners, content, delivery, marketing, business development and sales).
  • Liaise with other Practice/Service Leads to integrate SAE Service with other key services.
  • Liaise with sales, marketing and business development to drive SAE Service growth and achieve revenue, profit and client satisfaction goals.
  • Grow the SAE service and achieve revenue, profit and client satisfaction goals.

Experience: PPS feels the following experience will contribute to success in this role

  • Demonstrated experience managing the delivery of complex information technology or information security services or solutions.
  • Three years of experience creating, delivering and/or managing the delivery of SAE.
  • Experience producing video based training (e.g., filming, video editing, post production, learning management systems, etc.).
  • Passionate and knowledgeable about current Information Security topics and trends.

About Pivot Point Security

We’re a small but growing company (45% per year growth over the last 4 years), so we do our best to keep the right people at PPS (most of our team has been together for 6+ years) by aspiring to:

  • A high-performance work environment with extremely passionate, driven and experienced technical professionals. At Pivot Point Security you will find colleagues you can respect and learn from.
  • A management system where all employees participate in establishing the company’s goals/initiatives and have ready visibility into the company’s performance. We’re working hard to create processes and metrics to measure our (and your) success.
  • An environment where relationships are important, internally and externally. We provide the highest levels of customer service and strive to always exceed our clients’ expectations.
  • A competitive salary (more than most) with a F100 level benefits package (e.g., medical, dental, vision, HCFSA, 401K w/ company match, 529 College Savings, Adoption Assistance, vacation and personal days).
  • Providing individuals the opportunity to develop by giving them the resources required, surrounding them with great colleagues, and allowing them to take on new/big challenges.

As a Company, We:

  1. Tell the Truth (Honesty is almost always the best policy)
  2. Do The Right Thing (Keep commitments, over-communicate, be transparent, confident, worthy of/thrive on freedom)
  3. Smile (Life is too short not to … likeability is nearly as important as competence)
  4. Seek “Win-Win” (Think cooperative, not competitive – seek mutual benefit in all interactions)
  5. Consult (Every situation is unique; listen, understand, educate, and express a clear opinion)
  6. Simplify (Less is more …)
  7. Are Customer Focused