Job Id: MI-565402 (912790628)
Security PM/ Auditor (PMP/CISSP/CSX/CISA) with MS Project, PCI DSS, FISMA, OWASP, NIST, IRS and Banking/ Financial Industry Experience
Location: Operations Building, Dimondale MI (CSS-EPMO)
Duration: 12 Months (US Citizens only)
Agency Interview Type: In Person
Skill | Required / Desired | Amount of Experience
Solid skills in project management utilizing a formal project management methodology. | Required | 7 Years
Solid skills in project scheduling utilizing a project scheduling tool such as MS Project. | Required | 7 Years
Solid skills in Microsoft Word, Excel and PowerPoint. | Required | 7 Years
Strong leadership and communication skills. | Required | 7 Years
Ability to communicate technical terminology at levels appropriate to the audience, both orally and in writing. | Required | 7 Years
Experience in project planning, scheduling, tracking, issue/risk management, and status reporting. | Required | 7 Years
Experience in working with Senior Management | Desired | 5 Years
Project Management Professional (PMP) certification from PMI. | Required |
Technical Security Certification preferred. Examples: CISSP, CSX, or CISA | Desired |
Experience developing Project Charter, Project Communication Plan, Risk/Issue Plan, Resource Plan and definition of budget estimates. | Required | 7 Years
Experience managing PCI and IRS projects. | Required | 3 Years
US Citizens only | Required |
The position is for a Senior Project Manager to lead multiple Information Technology (IT) projects in support of the Michigan Department of Treasury. As a member of the Project Management Office (PMO), the project manager will follow the State's SUITE methodology (and its required deliverables), and utilize the State's Project and Portfolio Management (PPM) tool, to perform project planning through project closeout.
Skills, Experience and Qualification Areas for Audit, Assurance and Compliance Projects
• 5 to 10 years or more experience working in a regulated financial industry or in a financial organization / department. Examples:
o FDIC or IRS
o Federal / State / Large Local Government Treasury Departments
o University or Research organization which operates under PCI, IRS, FERPA, GLBA, or similar regulations.
• 5+ years of IT Compliance, IT Security or IT Audit experience involving the following technology areas: technology architecture, data center controls, databases and data management, application life cycle, encryption and key management, server management, networking, vulnerability management, incident management, business continuity and disaster recovery.
• Ability to research, appropriately interpret and apply complex regulations, technical standards and guidance. Examples:
o IRS Tax Code – IRS IRC 61016 and?IRS Publication 1075
o NIST Technical Series Publications
o Payment Card Industry Data Security Standard (PCI DSS)
o Federal Information Security Management Act (FISMA)
o Sarbanes-Oxley Section 404 - General IT Controls
o Open Web Application Security Project (OWASP)
• Working knowledge of PCI DSS, IRS Safeguards Reviews, and / or other regulatory or compliance type reviews, attestation engagements, etc.
• General understanding of penetration testing, host vulnerability scanning, network security and application (code) scanning.
• Demonstrated ability to assess risk, with a general understanding of compensating and mitigating controls.
• Ability to understand the audit lifecycle, system development lifecycle and IT project lifecycle.
• Demonstrated ability to summarize technical information in a manner appropriate for executives.
• Demonstrated ability to successfully lead and coach teams comprised of both functional and technical personnel. Demonstrated ability to work across a complex network of stakeholders, technology teams, business teams, vendors and other supporting external parties.
• Contract Management Experience. (May need to work with vendors who are operating under various SOM contracts. May need to contribute to / provide project management skills for a Pen Test Statement of Work, a PCI QSA Statement of Work and other SOWs for remediation.)
Responsibilities for PCI and IRS Program / Project Manager:
• Manage cyber security, infrastructure teams, agency application teams, vendors, third-party auditors, and the client sponsor team to earn the annual PCI Report on Compliance (ROC) and pass the triennial IRS Safeguards Review engagement. Team sizes of ~100 to 250 members across 16 agencies.
</gml_replace>
<gr_replace lines="43-45" cat="clarify" orig="• Lead and / or participate">
• Lead and / or participate in PCI Core Team Meetings and IRS Safeguards Review Core Team Meetings
• Lead / Co-Lead PCI Steering Committee Meetings and IRS Safeguards Review Steering Committee Meetings
• Manage quarterly data loss prevention / inspection activities
• Work with the sponsors to coordinate the annual PCI on-site assessment and triennial IRS Safeguards On-Site Review. Provide metrics to demonstrate resource need.
• Lead and / or participate in PCI?Core Team Meetings and IRS Safeguards Review Core Team Meetings
• Lead / Co-Lead PCI Steering Committee Meetings and IRS Safeguards Review Steering Committee
• Manage quarterly data loss prevention / inspection activates
• Manage and escalate issues where PCI compliance may be at risk.
• Working with the Treasury Sponsor, track and report on the PCI compliance status of payment processes and applications so that enterprise level compliance can be determined.
• Track and report on the remediation plans and timelines associated with PCI gaps / vulnerabilities.
• Coordinate the delivery of annual PCI Application Security Training for developers
• Working with the Agency and Technology Sponsors and the PCI Core Team, host the annual PCI Kick-Off Meeting
• Working with the Agency and Technology Sponsors, plan for and host the IRS Safeguards On-Site Review
• Track effort and costs associated with the Compliance Projects (e.g., PCI and IRS Safeguards)
• Prepare status reports for various audiences (general stakeholders, technical participants, business/functional participants and executives)
• Collect, organize and analyze evidence demonstrating PCI Compliance
• Lead sessions to develop compensating controls and risk management plans
Preferred Desired Skills
• Technical Security Certification preferred. Examples: CISSP, CSX, or CISA.
• Project Management Certification required: PMP