Enterprise Security Specialist
Company Name:
New Age Software Services
US Citizenship required due to the nature of the project
One of my clients in Richmond, VA is looking for an Information Security Specialist for a 6-12
month project. This candidate will be expected to implement NIST Rev 4 and new functionality to Rsam GRC Tool. Must be able to work onsite in Richmond, VA, Baltimore, MD or Charlotte, NC.
Responsibilities:
The Enterprise Information Security Specialist I is responsible for supporting the primary areas within the National Information Security Assurance (NISA) function: Provides subject matter expertise and support for the information security policy direction for the company system and the associated automated system (Rsam) that supports the NIST based security framework. Responsible for fielding security practioner questions about the use of the automated system, and its functionality
Additionally, maintains user guides and associated procedure documents for the automated system and the associated operating procedures
Also, will work with security practioners to assess, analyze and interpret enhancement requests; and work with system admins and developers to develop functional requirements/specifications for the automated system in support of the NIST based security framework
Duties may also include working with policy, procedures, standards, risk management and exception processes; supports the enterprise information security performance program to develop and assess composite risk metrics and compliance statistics as a holistic measure of the company's information security posture; and provides analytical support for informed strategic and tactical decision-making on the company's information security program by assessing and communicating enterprise-level information security risk and security program gaps.
Qualifications:
Evaluation, enhancement and support of information security strategy, policy, standards, and processes
Intermediate knowledge of IT related industry governance and controls best practices and regulations (e.g., SOX/COSO, COBIT, ITIL)
Experience with Rsam GRC Tool or equivilant. 2.IT System Operations Support preferred
Requires intermediate
job
knowledge and results in several of the following areas: Evaluation, enhancement and support of information security strategy, policy, standards, and processes, including standards development, risk management, compliance management, and information security-related processes and procedures
Assessment of the effectiveness of an enterprise information security program through the analysis and correlation of enterprise-wide IT vulnerability and risk assessments, information system control deficiencies, risk mitigate techniques, and control implications in a heterogeneous IT environment, including operating systems, network, middleware, database, contingency, distributed computing, mainframe, etc., Involves the development of related performance metrics and risk indicators for
executive
level reporting
Information security related industry practices, standards and regulations (e.g., ISO 17799/27001, NIST, GLBA, HSPD-12)
Intermediate knowledge of IT related industry governance and controls best practices and regulations (e.g., SOX/COSO, COBIT, ITIL)
Requires strong interpersonal skills to effectively promote ideas at the System level, and promote collaboration and encourage teamwork in same or across department/division/organization as part of project teams/matrix's management
Requires strong analysis and decision making skills to facilitate resolution of highly complex information security compliance and risk issues, and to promote an effective controls environment across the enterprise
Requires strong command and interpersonal, oral, and written communication skills to prepare and present executive and management level briefings and reports related to information security performance, enterprise-wide assessments, and compliance
Prepare presentations, interact and communicate with all management and staff levels across the System and various internal and external entities
Requires a high degree of cooperation, tact, and persuasion
Broad knowledge of IT security systems, processes and procedures, including intrusion detection, firewall technologies, and identity and access management is highly desirable
May require advanced knowledge of and ability to apply formal project management methodology and the application of the PMBOK, as used within the company, as well as industry standard best practices in project management
Bachelor's or Master's degree in information security, information technology,
computer
science or related technical field is preferred, three to seven years of information security, information risk management, and/or information assurance is preferred, or an equivalent combination of education and job-related experience equal to 4 - 7 years
Prior experience in IT operations processes and controls is desirable. Prior company knowledge and experience is desirable. Certification: CISSP, CISA, CISM is desirable.Estimated Salary: $20 to $28 per hour based on qualifications.
New Age Software Services
US Citizenship required due to the nature of the project
One of my clients in Richmond, VA is looking for an Information Security Specialist for a 6-12
month project. This candidate will be expected to implement NIST Rev 4 and new functionality to Rsam GRC Tool. Must be able to work onsite in Richmond, VA, Baltimore, MD or Charlotte, NC.
Responsibilities:
The Enterprise Information Security Specialist I is responsible for supporting the primary areas within the National Information Security Assurance (NISA) function: Provides subject matter expertise and support for the information security policy direction for the company system and the associated automated system (Rsam) that supports the NIST based security framework. Responsible for fielding security practioner questions about the use of the automated system, and its functionality
Additionally, maintains user guides and associated procedure documents for the automated system and the associated operating procedures
Also, will work with security practioners to assess, analyze and interpret enhancement requests; and work with system admins and developers to develop functional requirements/specifications for the automated system in support of the NIST based security framework
Duties may also include working with policy, procedures, standards, risk management and exception processes; supports the enterprise information security performance program to develop and assess composite risk metrics and compliance statistics as a holistic measure of the company's information security posture; and provides analytical support for informed strategic and tactical decision-making on the company's information security program by assessing and communicating enterprise-level information security risk and security program gaps.
Qualifications:
Evaluation, enhancement and support of information security strategy, policy, standards, and processes
Intermediate knowledge of IT related industry governance and controls best practices and regulations (e.g., SOX/COSO, COBIT, ITIL)
Experience with Rsam GRC Tool or equivilant. 2.IT System Operations Support preferred
Requires intermediate
job
knowledge and results in several of the following areas: Evaluation, enhancement and support of information security strategy, policy, standards, and processes, including standards development, risk management, compliance management, and information security-related processes and procedures
Assessment of the effectiveness of an enterprise information security program through the analysis and correlation of enterprise-wide IT vulnerability and risk assessments, information system control deficiencies, risk mitigate techniques, and control implications in a heterogeneous IT environment, including operating systems, network, middleware, database, contingency, distributed computing, mainframe, etc., Involves the development of related performance metrics and risk indicators for
executive
level reporting
Information security related industry practices, standards and regulations (e.g., ISO 17799/27001, NIST, GLBA, HSPD-12)
Intermediate knowledge of IT related industry governance and controls best practices and regulations (e.g., SOX/COSO, COBIT, ITIL)
Requires strong interpersonal skills to effectively promote ideas at the System level, and promote collaboration and encourage teamwork in same or across department/division/organization as part of project teams/matrix's management
Requires strong analysis and decision making skills to facilitate resolution of highly complex information security compliance and risk issues, and to promote an effective controls environment across the enterprise
Requires strong command and interpersonal, oral, and written communication skills to prepare and present executive and management level briefings and reports related to information security performance, enterprise-wide assessments, and compliance
Prepare presentations, interact and communicate with all management and staff levels across the System and various internal and external entities
Requires a high degree of cooperation, tact, and persuasion
Broad knowledge of IT security systems, processes and procedures, including intrusion detection, firewall technologies, and identity and access management is highly desirable
May require advanced knowledge of and ability to apply formal project management methodology and the application of the PMBOK, as used within the company, as well as industry standard best practices in project management
Bachelor's or Master's degree in information security, information technology,
computer
science or related technical field is preferred, three to seven years of information security, information risk management, and/or information assurance is preferred, or an equivalent combination of education and job-related experience equal to 4 - 7 years
Prior experience in IT operations processes and controls is desirable. Prior company knowledge and experience is desirable. Certification: CISSP, CISA, CISM is desirable.Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
