IS Security Risk Analyst # JN -012020-51218

Columbia, SC

Posted: 01/14/2020 Industry: Networking / Security Job Number: JN -012020-51218

Job Description

Education & certifications:
  • Bachelor's Degree in Computer Science, Information Technology or related degree. Associate's Degree in Computer Information Systems / Technology
  • OR 2-year degree in Computer Science, Information Technology or related degree plus 2 years of related IT experience (8 years).
  • OR Certification from an approved vendor or technical institute
  • OR Extra 4 years of related work experience (10 years of related work experience).

  • CISSP, CISA, CISM, MCSE, GIAC or equivalent security / infrastructure certification (Required)

Candidate Technical Background: (Updated 05.27.14)
  • 6 years of I/T experience including 4 years of IT security, risk assessment and/or compliance experience.
  • Experience with NIST, FISMA, COBIT, SSAE16, PCI, SOX, HIPAA, or other regulatory requirements.
  • Experience working on Security Management Plan
  • Experience with working on vulnerability matrices
  • Experience with the scanning and remediation of I/S assets using automated tools is beneficial (i.e. Nessus, AppDetective, Vanguard, etc.).
  • Knowledge of technical security controls from NIST, DISA, USGCB, etc. compliance domains across multiple platforms.
  • Deep understanding of security risk exposures and how vulnerabilities can be translated into business risk that leadership understands.
  • Advanced knowledge on security risk assessment execution.
  • Expert level knowledge on risk mitigation strategies.
  • Excel expert with the ability to analyze, trend and forecast from high volumes of compliance data.
  • Proficient with MS Word.

Preferred / highly desired background:
  • Experience with compliance programs within a government agency (i.e. Medicare, Tricare) is preferred.
  • Any experience with Visio or PowerPoint a plus.
  • Any experience with DoD, DIARMF or FedRAMP programs is a plus.
  • SQL experience a plus.

Behavior characteristics:
  • Works well with others and is able to appropriately accept the suggestions and ideas of other employees.
  • Excellent communication and interpersonal skills.
  • Strong team player with ability to adapt to change.
  • Ability to work across organizational boundaries to obtain information and accomplish goals.
  • Able to mentor less experienced team members.
  • Ability to work on complex enterprise level projects as a security subject matter expert.
  • Ability to speak and communicate with executive level audiences.
  • Ability to prepare formal written presentations for a wide audience.

Daily job responsibilities:
  • Defining, documenting and implementing Information Security standards and policies across the enterprise
  • Working with external auditors to provide support as needed
  • Reviewing customer contracts, RFPs and requirements for appropriateness
  • Establishing and maintaining an overall information security program
  • Assuring industry advisories, alerts or other requirements are acted upon in an appropriate and timely manner
  • Assuring incident response measures are in place to respond to information security events
  • Assessing the information security on a periodic basis
  • Providing information security related guidance to I/S
  • Working with Line of Business (LOB) security officers to coordinate efforts
  • Maintaining a repository of information security data and compliance guidance
  • Providing Corporate Security Council coordination and support

System(s) the contractor will interact with/be responsible for:
  • Internal Riskdoc Database that houses waivers and exception documentation

Primary working relationship(s) inside and outside the organization:
  • Project Leaders/Project Managers, internal customers (i.e. Palmetto GBA, CGS, CDS, PGBA and Commercial/Corporate), System Security Officers, all levels of I/S Management and Internal Customer Management, internal and external auditors, I/S staff

Job description:
  • 40% - Conduct procedural and operational review of information security processes and system controls against corporate, government, and internal I/S compliance standards.
  • 40% - Provide guidance to I/S functional teams with the implementation, monitoring, and reporting of control processes, documentation, and compliance measures.
  • 10% - Evaluate technology and business-related controls for integrating business and information system security and risk mitigation efforts.
  • 10% - Develop and implement tools to support automated risk assessment and compliance efforts.

Behavior Characteristics:
  • Good communication and interpersonal skills. Strong analytical skills. Strong mental flexibility with willingness to rethink traditional assumptions and gain new perspective.
