Job ID: MS-70301 (90090409)3P
(Cancelled) Security Analyst with networking, cyber security and CIS/NIST/ISO experience
Location: Jackson MS (PERS)
Duration: 36 Months
Cyber security consulting 5+
Systems and Network Administration 5+
Implementation of security frameworks such as CIS, NIST and ISO 5+
PERS is seeking to obtain the services of a cybersecurity consultant to provide guidance with regard to implementation of the CIS security controls, our incident response planning, and the continued development of our data and systems security strategy. The consultant will report to both the PERS Chief Information Officer (CIO) and the Senior Deputy Administrator (SDA) of Administrative Services and offer counsel and guidance to them. Additionally, the consultant will provide advice to members of the PERS’ cybersecurity team which has been meeting bi-monthly monthly to discuss security related activities and review status updates of our security initiatives.
We believe that the consultant will be able to complete the desired level of participation in an advisory role by providing an estimated 2-4 days (16 – 32) hours of consultation per month.
PERS has identified the following cybersecurity consulting activities to be performed utilizing the established Knowledge Services contract:
Serve as a point of contact for the SDA and CIO with regard to CIS standards, including best practices and how best to prioritize certain steps. Additionally, the consultant will offer feedback and guidance to members of the cybersecurity team as they continue to move forward with security initiatives in accordance with security industry standards.
Additional services to be provided include:
• Upon request by PERS’ cybersecurity team members, provide consultation and assistance in working through detailed documentation associated with certain CIS Controls to help determine a practical approach for implementation and achieving an acceptable level of compliance based upon industry standards.
• Assist PERS’ cybersecurity team in establishing attainable goals (with target dates) for implementing all CIS Controls and provide coaching on how to effectively prioritize and manage the implementation activities in order to meet the established goals.
• Provide high-level review, consultation, and advice related to security policies, procedures, and documentation being developed and maintained by PERS’ cybersecurity team including the Incident Response Plan.
• Provide consultation and advice to PERS’ cybersecurity team related to our review and evaluation of third-party vendors who provide breach coach and forensics services in the event of a security breach.
• Participate in scheduled cybersecurity team meetings, and provide feedback, advice, and guidance concerning security related issues and topics. Consultant may participate on-site, by phone, or by Microsoft Teams or similar products such as Zoom.
• At a high level provide advice to the SDA and CIO, concerning the effectiveness of PERS’ efforts to address cybersecurity industry threats, vulnerabilities and trends.
• Provide a quarterly progress report to the SDA and CIO which includes a high-level assessment of PERS’ current progress in building and maintaining a mature cybersecurity program that provides adequate protection from contemporary cybersecurity threats, as well as identifying emerging cyber risks and threats for which a response is needed.