• Track emerging threats and assess relevance to AWS environment • Triage external and internal inputs and drive validation and investigation • Translate threat intelligence into actions: containment guidance and prioritized remediation • Lead and execute high-severity security incidents across AWS and endpoints • Drive incidents from initial signal through containment and recovery • Reconstruct attacker activity and produce clear incident documentation • Investigate AWS incidents and lead investigations involving common AWS compromise patterns • Improve detection coverage and partner with detection engineering • Build and maintain investigation and response automation using SOAR tools

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description As a Sr. Security Services Advisor, you will be responsible for providing premium consulting services focused in the areas of cyber security, risk and business continuity to our clients. Your responsibilities include: - Providing assessment services, consulting projects, and ongoing executive consulting engagements. - Coordinating consulting engagements under the lead of dedicated project management teams. - Coordinating technical resources performing assessment work and consolidating technical assessment data into business outcome-driven consulting deliverables. - Acting as the client’s trusted advisor with high expectations for professionalism, excellence in communications, and presentation capabilities. - Interacting with a range of IT and business resources, including C-level executives and customer boards. This is a national role with a primary location and moderate travel expectations. This position can work remotely but will require occasional support onsite at our Downers Grove, IL headquarters. Qualifications - 10+ years of experience in a similar role. - CMMC experience and CyberAB CMMC Certified Professional Certification highly required. - Ability to consult organizations on cyber security risk and technologies, governance, policy standards, and alignment with maturity to industry standard models. - Experience performing and/or managing security assessments in regulated organizations. - Experience managing, interpreting, and remediating findings from Pen testing. - Ability to adapt to various customer environments. - Experience guiding organizations to achieve and maintain compliance attestations such as SOC II, PCI, HITRUST, and other relevant certifications. - Experience with NIST Cyber Security Framework is required. - Experience building cybersecurity strategies for enterprise organizations. - Experience with Center for Internet Security (CIS) benchmarks is highly desirable. - Ability to write organization security and governance standards. - Experience delivering risk assessments using NIST SP 800-30 or ISO 27005. - Experience participating in and/or performing cyber incident response testing and tabletop exercises desirable. - Bachelor’s Degree or higher is preferred. - Process-oriented with excellent people skills. - Ability to communicate both written and orally with various members of an organization from Engineers to Executive teams. - Ability to consult customers on incident response, disaster recovery, and document processes. - Must have a car for travel between locations and transportation of equipment. - A valid driver’s license and proof of vehicle insurance will be required. - Legally authorized to work in the US without sponsorship. - Must demonstrate a “can-do” attitude. - Focus on candidates that display the “ACE” factor – Attitude, Compassion, and Enthusiasm. Requirements - Compensation: $200,000-$220,000. Benefits - Energetic work environment with many corporate culture amenities. - Competitive salary and rich benefit plan including: - Medical, Dental, Vision. - 401K, 529. - Life Insurance. - Income Protection Short and Long-Term Disability. - Medical and Child/Elder Care. - Flexible Spending Account Plans. - Family Planning Benefits. - Financial Education. - Identity Theft Protection and Assistance. - Legal Services. - Employee Assistance Program. - Two weeks’ vacation and additional paid time-off for Personal and Sick. - Certification and hands-on training. - Employee discount for product services and entertainment. Company Description Sentinel Technologies, Inc. has been rated a top workplace every year since 2012! Sentinel delivers solutions that can efficiently address a range of IT needs – from security, to communications, to systems & networks, to software applications, to cloud and managed services; all of which include our staffing solutions for our clients. Since 1982, Sentinel has grown from providing technology maintenance services to our current standing as one of the leading IT services and solutions providers in the US. We have aligned with many of today’s global technology leaders including Cisco, Dell, VMware, and Microsoft. Sentinel services customers both nationally and internationally with primary support operating centers in: - Downers Grove (HQ) - Chicago - Springfield, IL - Phoenix, AZ - Lansing and Grand Rapids, MI - Milwaukee, WI - Denver, CO If you are MOTIVATED… you can make IT happen at Sentinel. Our commitment to our employees is to create a work environment that encourages creativity, an entrepreneurial spirit, fosters growth through certification and hands-on training, and values a team-oriented culture with rewards based on impact!

• Monitor, investigate, and respond to security alerts and incidents across systems, networks, and cloud environments. • Perform regular vulnerability assessments, patch verification, and risk remediation tracking. • Support security awareness programs and ensure employees adhere to company security policies, procedures and standards. • Assist in managing endpoint security tools (EDR, DLP, MDM, etc.) and identity/access management systems. • Collaborate with IT, DevOps, and engineering teams to implement secure configurations, code reviews, and cloud security best practices. • Conduct periodic access reviews and support audit and compliance efforts (SOC 2, ISO 27001, etc.). • Document incident response actions and recommend process improvements. • Contribute to risk assessments and control testing for new vendors, applications, and systems. • Stay current on emerging threats, vulnerabilities, and regulatory requirements impacting the business. • Demonstrate a business-first mindset.

• Administer and enhance the user access review process to identify and address access control issues effectively. • Draft, refine, and socialize policies/standards (access control, change management, vendor security, incident response, data privacy); maintain clear SOPs and RACI. • Prepare high‑quality evidence, narratives, and diagrams; coordinate with auditors/assessors; manage requests and deadlines. • Participate in Incident response efforts by conducting log analysis, gathering evidence, and executing remediation tasks. • Build dashboards for control health, User Access Reviews completion, vendor coverage, GDPR compliance metrics, and audit findings; present insights to InfoSec leadership and stakeholders. • Automate evidence collection and access reviews where possible; propose control enhancements that improve security and reduce operational toil. • Deliver security awareness presentations for both technical and non-technical users. Actively contribute to ongoing information security education through diverse methods such as phishing simulations, annual training sessions, on-demand courses, and workshops. • Support Governance, Risk, and Compliance (GRC) initiatives by implementing controls and gathering necessary evidence, and control testing. • Support InfoSec Risk Issue Intake process to assess and risk rank new issues, identify and document mitigation plans/timelines with risk owners and SMEs, and track to resolution. • Support quarterly user access review process (UARs) for SOX systems and ensure tickets are tracked to resolution and actioned within audit requirements. Complete lookback analysis where necessary • Support Data Loss Prevention process by triaging and investigating alerts in the Mimecast/Code42 solution. • Lead and coordinate GDPR compliance activities including Data Protection Impact Assessments (DPIAs), Records of Processing Activities (RoPA), data subject rights requests, and privacy audits. • Manage the Third Party Risk Management (TPRM) program including vendor security assessments, ongoing risk monitoring, review of vendor attestations (SOC 2, ISO 27001), and maintenance of the vendor risk register. • Conduct comprehensive security assessments of third-party vendors using standardized questionnaires and frameworks; work with vendors on remediation of identified gaps. • Participate in an on-call rotation to address security incidents and escalations promptly.