IS Security Risk Analyst # JN -012020-51218
Education & certifications:
- Bachelor's Degree in Computer Science, Information Technology or related degree.
- Associate's Degree in Computer Information Systems / Technology
- OR 2-year degree in Computer Science, Information Technology or related degree plus 2 years of related IT experience (8 years).
- OR Certification from an approved vendor or technical institute
- OR Extra 4 years of related work experience (10 years of related work experience).
- CISSP, CISA, CISM, MCSE, GIAC or equivalent security / infrastructure certification (Required)
Candidate Technical Background: (Updated 05.27.14)
- 6 years of I/T experience including 4 years of IT security, risk assessment and/or compliance
- Experience with NIST, FISMA, COBIT, SSAE16, PCI, SOX, HIPAA, or other regulatory requirements.
- Experience working on Security Management Plan
- Experience with working on vulnerability matrices
- Experience with the scanning and remediation of I/S assets using automated tools is beneficial (i.e. Nessus, AppDetective, Vanguard, etc.).
- Knowledge of technical security controls from NIST, DISA, USGCB, etc., and compliance domains across multiple platforms.
- Deep understanding of security risk exposures and how vulnerabilities can be translated into business risk that leadership understands.
- Advanced knowledge on security risk assessment execution.
- Expert level knowledge on risk mitigation strategies.
- Excel expert with the ability to analyze, trend and forecast from high volumes of compliance data.
- Proficient with MS Word.
Preferred / highly desired background:
- Experience with compliance programs within a government agency (i.e. Medicare, Tricare) is preferred.
- Any experience with Visio or PowerPoint a plus.
- Any experience with DoD, DIARMF or FedRAMP programs is a plus.
- SQL experience a plus.
- Works well with others and is able to appropriately accept the suggestions and ideas of other employees.
- Excellent communication and interpersonal skills.
- Strong team player with ability to adapt to change.
- Ability to work across organizational boundaries to obtain information and accomplish goals.
- Able to mentor less experienced team members.
- Ability to work on complex enterprise level projects as a security subject matter expert.
- Ability to speak and communicate with executive level audiences.
- Ability to prepare formal written presentations for a wide audience.
Daily job responsibilities:
- Defining, documenting and implementing Information Security standards and policies across the enterprise
- Working with external auditors to provide support as needed
- Reviewing customer contracts, RFPs and requirements for appropriateness
- Establishing and maintaining an overall information security program
- Assuring industry advisories, alerts or other requirements are acted upon in an appropriate and timely manner
- Assuring incident response measures are in place to respond to information security events
- Assessing the information security on a periodic basis
- Providing information security related guidance to I/S
- Working with Line of Business (LOB) security officers to coordinate efforts
- Maintaining a repository of information security data and compliance guidance
- Providing Corporate Security Council coordination and support
System(s) the contractor will interact with/be responsible for:
- Internal Riskdoc Database that houses waivers and exception documentation
Primary working relationship(s) inside and outside the organization:
- Project Leaders/Project Managers, internal customers (i.e. Palmetto GBA, CGS, CDS, PGBA and Commercial/Corporate), System Security Officers, all levels of I/S Management and Internal Customer Management, internal and external auditors, I/S staff
- 40% - Conduct procedural and operational review of information security processes and system controls against corporate, government, and internal I/S compliance standards.
- 40% - Provide guidance to I/S functional teams with the implementation, monitoring, and reporting of control processes, documentation, and compliance measures.
- 10% - Evaluate technology and business-related controls for integrating business and information system security and risk mitigation efforts.
- 10% - Develop and implement tools to support automated risk assessment and compliance efforts.
- Good communication and interpersonal skills. Strong analytical skills. Strong mental flexibility with willingness to rethink traditional assumptions and gain new perspective.