Return To Job Search

Security Risk Assessment Analyst

Minnesota - Security Consultant

Hollstadt Overview

Hollstadt Consulting is a management and technology consulting firm dedicated to placing professionals at engagements where they will excel. When you work with us, you'll work with a refreshingly real company led and staffed by seasoned experts who are also down-to-earth, good people. We're committed to treating you with respect and helping you achieve your career aspirations.

Since 1990, Hollstadt has been a trusted partner to more than 150 domestic and global companies and has successfully completed over 2,000 projects. Our continued growth has created challenging and rewarding opportunities for accomplished IT and Business Consultants. Hollstadt Consulting is an equal opportunity employer including disability/veteran.


Job Description

Title: Security Risk Assessment Analyst

Rate: The hourly pay rate range for this position is $52.20–$69, dependent on qualifications and experience.

Length: 6 months with potential to convert or extend

Location: East side of Twin Cities - must be on-site 3 days a week


Hollstadt offers medical, dental, vision, life insurance, short-term disability, long-term disability, paid sick leave, and retirement benefits to eligible employees.


Overview of Role: Client is building out a proactive Governance, Risk, and Compliance team in its security practice. Client is not interested in security compliance auditors. An ideal candidate will have experience in developing security programs as a thought leader with experience in the implementation of GRC. Experience in companies of similar size and industry preferred. In addition to implementing elevated GRC practices with the current team, this individual will be responsible for security risk assessments for many projects/efforts that come into our enterprise. This individual will need to be able to assess security framework controls against the stated architecture/design, be able to ask technical questions in layman's terms to requestors (across the architecture domains—network, servers, application, IAM, etc.), identify gaps in compliance to the controls, recommend mitigating controls for the gaps, and document the assessment. This individual should have experience in framing up risk escalations to a leadership team for risk decisions, following up on these decisions, tracking the risk, and monitoring the risk. This person will help offer recommendations for improvements, design, and streamline GRC oversight over all these processes and implement alongside other key GRC members.



Qualifications and Requirements:

  • 5-7 years of experience with networking, system administration, or some other infrastructure and operations background.
  • 3-5 years of experience in information security practices.
  • Basic understanding of cloud technologies (AWS, Azure, OCI) – SaaS, PaaS, IaaS, deployment, provisioning, security, etc.
  • CISSP, Security+, or other related degree or certification.
  • Experience in building Governance, Risk, and Compliance practices to elevate a security program.
  • Experience and technical knowledge working through complex risk assessments, including hardware, software, and restricted data; identifying the vulnerability gaps in solutions and practices and making recommendations for how to close the gaps in solution architecture and design.
  • Experience with security tools and technologies such as firewalls, intrusion and detection, and prevention systems, and security information and event management solutions.
  • Ability to digest, understand, and summarize external penetration test reports, compliance reports, etc., in an appropriate manner for internal stakeholder consumption.
  • Knowledge of regulatory requirements and compliance frameworks such as HIPAA, PCI, and CCPA, GDPR.
  • Knowledge of information security principles and best practices, including vulnerability management, access control, and incident response.
  • Knowledge and application of security frameworks (CIS CSC v8, NIST CSF 2.0, etc.).
  • Strong analytical and problem-solving skills, with the demonstrated ability to identify and mitigate risks proactively.
  • Ability to understand business needs and requests with regards to analyzing third parties for risk.
  • Ability to identify compensating controls to reduce identified risk.
  • Excellent communication skills with the ability to translate complex technical terms to business and other teams.
  • Collaborative mindset.


Benefits + Perks

Comprehensive Benefit Plan

Hollstadt offers a competitive and comprehensive benefit package which includes Medical, Dental, Vision, Long Term/Short Term Disability, and Life Insurance. With three different medical plans to choose from, you can enroll in the coverage you need from single to family, or anywhere in between!

Remarketing Process

Hollstadt is based on retention and relationships. We get to know your strengths and career wishes throughout your assignment and then start remarket discussions 6-8 weeks prior to your end date. By being proactive, we are able to keep your down time between assignments as short as possible, unless you choose otherwise.

Professional Development

Hollstadt offers free bi-weekly training courses for our consultants as well as on-demand access to past sessions through our consultant portal. Trainings give our consultants the continuing education they need to excel on their projects.

401k + Matching

One popular benefit is our 401(k) match on the first 4% of your contributions. Hollstadt wants to help you reach your long-term financial goals and understands that planning for your future is critical. Consultants also have access to support from a Financial Advisor.

Bonus Opportunities

We appreciate and reward loyalty. Join Hollstadt, stay for 5 years, and we’ll give you a $5,000 Longevity Award bonus! Additionally, we know great talent knows other great talent. If you are on contract with Hollstadt and refer one of your connections who gets placed, we’ll pay you $1,000!

Ongoing Support & Networking

We have made a significant investment in building a support program for our consultant team - so you never have to feel like you are going it alone. We also have a Consultant Coach program which acts like a 'work buddy' to provide a safe ear for questions or concerns at your client site.