Information Security Lead

Information Technology Chicago, Illinois



We’re passionate, we’re collaborative and we are growing.

AArete is looking for an Information Security Lead. You are highly technical with an entrepreneurial spirit and commitment to excellence. You thrive in a team environment and have the ability to flip tasks and priorities midstream because you love an exciting challenge. The bar is set high at AArete. There is a lot to do around here and you love getting the job done right.

At AArete we live and breathe to provide the best experience to our clients each and every day. We are fresh, passionate, have tons of energy, and love what we do – provide non-labor cost reduction solutions and wow our clients with impeccable service.

Why AArete? Our culture embraces the motto – Work hard. Play hard. We always make sure to change the pace and offer our employees a chance to unwind and have fun with monthly happy hours, active team outings and national meetings in beautiful locations.

We also believe in giving back. We support our communities by sponsoring charitable organizations through fundraising and volunteer efforts.

We know there is more to life than work and believe passionately that our people enjoy both a family and a career at AArete.

It is an exciting time to join the AArete team. Come join the company named in Vault’s Top 50 Firms to Work For 2019, Crain's Chicago Business Fast 50 for the 3rd time, Inc 5000’s Fastest Growing Firms list for the 4th consecutive year and Consulting Magazine's Fastest Growing Firms for the 4th consecutive year.


The Role: As the Information Security Lead at AArete, you will work to protect our organization against cyber threats. You will assess current procedures and implement new practices to keep AArete’s technical environment safe.


Primary Responsibilities:


  •        Prepare AArete's technical environment and business processes for alignment with emerging security and privacy regulations, compliance frameworks, and best practices
  •        Enhance AArete's Privacy program to align with GDPR and other compliance frameworks specific to AArete client industries
  •        Work closely with internal and external stakeholders to ensure audit enquiries are completed in a timely, precise, and professional manner
  •        Conduct a complete risk assessment of all AArete systems and assist Information Security Officer and Information Technology team with the completion of quarterly and annual independent assessments, as well as any identified remediation activities
  •        Own daily, weekly, and monthly security responsibilities, such as system activity report reviews, investigation of anomalous system activity, etc.
  •        Design and implement security controls as needed to remediate identified gaps
  •        Provide input on internal Change Management processes
  •        Write, edit, and update Information Security Policies and Procedures
  •        Provide oversight and management of security system operations, such as SIEM, MFA, NAC, WCF, IDS, etc.
  •        Identify security systems to improve AArete's security posture, manage the implementation of these systems to ensure security and business objectives are met and ensure that they are compliant with AArete policies & procedures, client requirements, and compliance requirements
  •        Conduct Security and Privacy Training
  •        Provide first line of response for internal security questions or incident reports



  •        3 - 5 years in Information Technology
  •        2 - 3 years prior experience responding to security audits and managing remediation activities
  •        Experience with some combination of the following security, privacy, and compliance frameworks: NIST Cyber Security Framework, NIST Risk Management Framework, ISO 27000, AICPA SSAE 18, PCI, Privacy Shield, GDPR
  •        Experience with HITRUST Cyber Security Framework preferred
  •        Security certifications such as SSCP, CompTIA Security+, CISSP, CISM a plus
  •        Ability to clearly explain complex security requirements to technical and non-technical audiences
  •        General knowledge of data center operations, including Windows and Linux operating systems
  •        Knowledge of cloud security best practices, OWASP, or SecDevOps preferred
  •        Prior experience at a consulting or professional services firm a plus