Job Closed
This listing is no longer active.
The easy-to-use CRM to scale your business.
Lead Security Analyst, Cloud & Endpoint Incident Response
Location
United States
Posted
156 days ago
Salary
$130.8K - $209.3K / year
Seniority
Senior
Job Description
HubSpot
- Track emerging threats and assess relevance to AWS environment
- Triage external and internal inputs and drive validation and investigation
- Translate threat intelligence into actions: containment guidance and prioritized remediation
- Lead and execute high-severity security incidents across AWS and endpoints
- Drive incidents from initial signal through containment and recovery
- Reconstruct attacker activity and produce clear incident documentation
- Investigate AWS incidents and lead investigations involving common AWS compromise patterns
- Improve detection coverage and partner with detection engineering
- Build and maintain investigation and response automation using SOAR tools
Job Requirements
- Strong understanding of software engineering fundamentals including code structure and build systems
- Understanding of CI/CD pipelines and DevOps workflows
- Solid knowledge of cloud architecture, especially AWS services
- Hands-on experience responding to AWS security incidents
- Familiarity with SaaS architectures and identity systems
- Proven experience leading complex security incidents across cloud and endpoint environments
- Strong understanding of identity and access concepts (IAM roles, federation)
- Experience using a SIEM for investigations (Splunk preferred)
- Comfortable scripting or automating in Python
- Strong Linux investigation skills with knowledge of macOS and Windows
Benefits
- Cash compensation including base salary and annual bonus targets
- Equity plan with restricted stock units (RSUs)
- Potential eligibility for overtime pay
More Security Analyst Jobs
Senior Security Services Advisor
Sentinel
The Sentinel is a news organization serving the Cumberland County area of Central Pennsylvania, and it is based in Carlisle, Pennsylvania. With a print edition, website, and profil
This description is a summary of our understanding of the job description.
Role Description
As a Sr. Security Services Advisor, you will be responsible for providing premium consulting services focused on the areas of cyber security, risk and business continuity to our clients. Your responsibilities include:
- Providing assessment services, consulting projects, and ongoing executive consulting engagements.
- Coordinating consulting engagements under the lead of dedicated project management teams.
- Coordinating technical resources performing assessment work and consolidating technical assessment data into business outcome-driven consulting deliverables.
- Acting as the client’s trusted advisor with high expectations for professionalism, excellence in communications, and presentation capabilities.
- Interacting with a range of IT and business resources, including C-level executives and customer boards.
This is a national role with a primary location and moderate travel expectations. This position can work remotely but will require occasional support onsite at our Downers Grove, IL headquarters.
Qualifications
- 10+ years of experience in a similar role.
- CMMC experience and CyberAB CMMC Certified Professional Certification highly required.
- Ability to consult organizations on cyber security risk and technologies, governance, policy standards, and alignment with maturity to industry standard models.
- Experience performing and/or managing security assessments in regulated organizations.
- Experience managing, interpreting, and remediating findings from Pen testing.
- Ability to adapt to various customer environments.
- Experience guiding organizations to achieve and maintain compliance attestations such as SOC II, PCI, HITRUST, and other relevant certifications.
- Experience with NIST Cyber Security Framework is required.
- Experience building cybersecurity strategies for enterprise organizations.
- Experience with Center for Internet Security (CIS) benchmarks is highly desirable.
- Ability to write organization security and governance standards.
- Experience delivering risk assessments using NIST SP 800-30 or ISO 27005.
- Experience participating in and/or performing cyber incident response testing and tabletop exercises desirable.
- Bachelor’s Degree or higher is preferred.
- Process-oriented with excellent people skills.
- Ability to communicate both in writing and orally with various members of an organization from Engineers to Executive teams.
- Ability to consult customers on incident response, disaster recovery, and document processes.
- Must have a car for travel between locations and transportation of equipment.
- A valid driver’s license and proof of vehicle insurance will be required.
- Legally authorized to work in the US without sponsorship.
- Must demonstrate a “can-do” attitude.
- Focus on candidates that display the “ACE” factor – Attitude, Compassion, and Enthusiasm.
Requirements
- Compensation: $200,000-$220,000.
Benefits
- Energetic work environment with many corporate culture amenities.
- Competitive salary and rich benefit plan including:
- Medical, Dental, Vision.
- 401K, 529.
- Life Insurance.
- Income Protection Short and Long-Term Disability.
- Medical and Child/Elder Care.
- Flexible Spending Account Plans.
- Family Planning Benefits.
- Financial Education.
- Identity Theft Protection and Assistance.
- Legal Services.
- Employee Assistance Program.
- Two weeks’ vacation and additional paid time-off for Personal and Sick.
- Certification and hands-on training.
- Employee discount for product services and entertainment.
Company Description
Sentinel Technologies, Inc. has been rated a top workplace every year since 2012!
Sentinel delivers solutions that can efficiently address a range of IT needs – from security, to communications, to systems & networks, to software applications, to cloud and managed services; all of which include our staffing solutions for our clients. Since 1982, Sentinel has grown from providing technology maintenance services to our current standing as one of the leading IT services and solutions providers in the US. We have aligned with many of today’s global technology leaders including Cisco, Dell, VMware, and Microsoft. Sentinel services customers both nationally and internationally with primary support operating centers in:
- Downers Grove (HQ)
- Chicago
- Springfield, IL
- Phoenix, AZ
- Lansing and Grand Rapids, MI
- Milwaukee, WI
- Denver, CO
If you are MOTIVATED… you can make IT happen at Sentinel. Our commitment to our employees is to create a work environment that encourages creativity, an entrepreneurial spirit, fosters growth through certification and hands-on training, and values a team-oriented culture with rewards based on impact!
- Monitor, investigate, and respond to security alerts and incidents across systems, networks, and cloud environments.
- Perform regular vulnerability assessments, patch verification, and risk remediation tracking.
- Support security awareness programs and ensure employees adhere to company security policies, procedures and standards.
- Assist in managing endpoint security tools (EDR, DLP, MDM, etc.) and identity/access management systems.
- Collaborate with IT, DevOps, and engineering teams to implement secure configurations, code reviews, and cloud security best practices.
- Conduct periodic access reviews and support audit and compliance efforts (SOC 2, ISO 27001, etc.).
- Document incident response actions and recommend process improvements.
- Contribute to risk assessments and control testing for new vendors, applications, and systems.
- Stay current on emerging threats, vulnerabilities, and regulatory requirements impacting the business.
- Demonstrate a business-first mindset.
Security Analyst III
Fanatics, Inc.
We amplify pride and create connections for all fans around the world.
- Administer and enhance the user access review process to identify and address access control issues effectively.
- Draft, refine, and socialize policies/standards (access control, change management, vendor security, incident response, data privacy); maintain clear SOPs and RACI.
- Prepare high‑quality evidence, narratives, and diagrams; coordinate with auditors/assessors; manage requests and deadlines.
- Participate in Incident response efforts by conducting log analysis, gathering evidence, and executing remediation tasks.
- Build dashboards for control health, User Access Reviews completion, vendor coverage, GDPR compliance metrics, and audit findings; present insights to InfoSec leadership and stakeholders.
- Automate evidence collection and access reviews where possible; propose control enhancements that improve security and reduce operational toil.
- Deliver security awareness presentations for both technical and non-technical users. Actively contribute to ongoing information security education through diverse methods such as phishing simulations, annual training sessions, on-demand courses, and workshops.
- Support Governance, Risk, and Compliance (GRC) initiatives by implementing controls and gathering necessary evidence, and control testing.
- Support InfoSec Risk Issue Intake process to assess and risk rank new issues, identify and document mitigation plans/timelines with risk owners and SMEs, and track to resolution.
- Support quarterly user access review process (UARs) for SOX systems and ensure tickets are tracked to resolution and actioned within audit requirements. Complete lookback analysis where necessary.
- Support Data Loss Prevention process by triaging and investigating alerts in the Mimecast/Code42 solution.
- Lead and coordinate GDPR compliance activities including Data Protection Impact Assessments (DPIAs), Records of Processing Activities (RoPA), data subject rights requests, and privacy audits.
- Manage the Third Party Risk Management (TPRM) program including vendor security assessments, ongoing risk monitoring, review of vendor attestations (SOC 2, ISO 27001), and maintenance of the vendor risk register.
- Conduct comprehensive security assessments of third-party vendors using standardized questionnaires and frameworks; work with vendors on remediation of identified gaps.
- Participate in an on-call rotation to address security incidents and escalations promptly.
Senior Client Security Analyst
Included Health
Access. Answers. Advocacy. We're raising the standard of healthcare for everyone.
- Own the end-to-end process for all client and prospect security questionnaires, acting as the central project manager from the initial JIRA ticket to final delivery.
- Review, triage, and assign all questions to the appropriate cross-functional teams (e.g., Engineering, IT, Legal), eliminating ambiguity and coordination burdens from the Client Success Managers (CSMs).
- Collaborate with and track progress from all internal stakeholders, actively managing timelines to ensure responses are accurate and completed within established SLAs.
- Perform final quality assurance (QA) reviews on all completed questionnaires to ensure the document is cohesive, professional, and all questions are answered before client delivery.
- Partner with GRC leadership to develop, document, and refine standardized workflows, creating clear success metrics (e.g., reduced turnaround time).
- Act as the primary point of contact for the Sales and Client Success teams on all security-related inquiries, including escalations for new sales and upsell deals.
- Represent the cybersecurity team on calls with clients and prospects, acting as the expert to address security concerns and build trust.
- Develop, maintain, and promote a "Trust Center" (e.g., using Whistic) by centralizing existing "Go-To-Market Packet" and other documentation to proactively address common security questions.
- Manage the intake process for security reviews of non-standard client agreements, collaborating with Legal to formalize the review of data security and AI clauses.
- Support the Third-Party Risk Management (TPRM) program by helping to manage automated workflows that flag high-risk vendors for GRC review.
- Assist in communicating and enforcing the required Third-Party Security Addendum (TPSA) for new vendors.



