Request ID: IN-8488-1 (910291123)

Security Analyst with PCI/NIST, audit, IRS SCSEM, Malware, risk/vulnerability assessment, SSP, networking, databases, application/web security and tax experience

Location: Columbia, SC
Duration: 12 Months

REQUIRED SKILLS (RANK IN ORDER OF IMPORTANCE):
ABILITY TO INSTALL AND USE VARIOUS SECURITY TOOLS
APPLICATION SECURITY
EXPERIENCE IN PROJECTS INVOLVING PCI/NIST SECURITY IMPLEMENTATIONS AND/OR AUDITS
INFORMATION SECURITY PRINCIPLES AND PRACTICES
IRS SAFEGUARD COMPUTER SECURITY EVALUATION MATRIX (SCSEM)
IT SECURITY
MALWARE
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY CONTROLS
RISK/VULNERABILITY ASSESSMENTS
SECURITY – KNOWLEDGE IN NETWORKING, DATABASES, SYSTEMS AND WEB OPERATIONS
SSP

REQUIRED EDUCATION/CERTIFICATIONS:
BACHELOR'S DEGREE IN TECHNOLOGY FIELD, OR at least 10 years of experience specific to security.
Experience
Network Security | Ability to install and use various security tools | Yes | 1 | Lead | Currently Using | 4 – 6 Years
Network Security | Application Security | Yes | 1 | Lead | Currently Using | 4 – 6 Years
Network Security | Experience in projects involving PCI/NIST security implementations and/or audits | Yes | 1 | Lead | Currently Using | 4 – 6 Years
Network Security | Information security principles and practices | Yes | 1 | Lead | Currently Using | 4 – 6 Years
Network Security | IRS Safeguard Computer Security Evaluation Matrix (SCSEM) | Yes | 1 | Lead | Currently Using | 4 – 6 Years
Network Security | IT Security | Yes | 1 | Lead | Currently Using | 4 – 6 Years
Network Security | Malware | Yes | 1 | Lead | Currently Using | 4 – 6 Years
Network Security | Security – Knowledge in networking, databases, systems and Web operations | Yes | 1 | Lead | Currently Using | 4 – 6 Years
Network Security | SSP | Yes | 1 | Lead | Currently Using | 4 – 6 Years
Networking & Directories | Information Security | Yes | 1 | Lead | Currently Using | 4 – 6 Years

SCOPE OF THE PROJECT:
EVALUATES EXISTING AND PLANNED TECHNOLOGY ENVIRONMENTS OF THE AGENCY, VENDORS AND OTHER PARTNERS, FOR COMPLIANCE WITH INFORMATION SECURITY POLICIES AND STANDARDS. RECOMMENDS INFORMATION SECURITY MEASURES AND PRACTICES, IN CONTEXT OF THE AGENCY’S BUSINESS GOALS, TO SAFEGUARD INFORMATION ASSETS IN ACCORDANCE WITH APPLICABLE FEDERAL, STATE, AGENCY AND INDUSTRY POLICIES, STANDARDS AND BEST-PRACTICES. PARTICIPATES IN REVIEWS AND UPDATES OF SECURITY POLICIES, STANDARDS, PROCEDURES; AND OF THE EMPLOYEE SECURITY AWARENESS PROGRAM. CONTRIBUTES TO CREATION AND MAINTENANCE OF SECURITY COMMUNICATIONS, INFORMATION SHARING AND OTHER DOCUMENTATION NECESSARY TO PERFORM THE FUNCTIONS OF THE CISO DIVISION OF THE AGENCY.

KNOWLEDGE OF SECURITY ADMINISTRATION IN ONE OR MORE OF THE FOLLOWING AREAS OF TECHNOLOGY: NETWORK DEVICES, WORKSTATIONS, SERVERS, STORAGE TECHNOLOGY, SECURITY INSTRUMENTATION. ABILITY TO WRITE DETAILED SECURITY DOCUMENTATION ON TECHNICAL SECURITY ASSESSMENTS, POLICIES AND PROCEDURES. ANALYTICAL AND PROBLEM SOLVING SKILLS. KNOWLEDGE AND UNDERSTANDING OF INFORMATION RISKS CONCEPTS AND PRINCIPLES AS A MEANS OF RELATING BUSINESS NEEDS AND SECURITY CONTROLS. ABILITY TO COMMUNICATE WITH AUDIENCES WITH VARYING LEVELS OF TECHNICAL KNOWLEDGE. ABILITY TO ESTABLISH AND MAINTAIN EFFECTIVE WORKING RELATIONSHIPS TO EFFECTIVELY PERFORM JOB DUTIES THAT BY THEIR NATURE CREATE TENSION. KNOWLEDGE OF PROJECT MANAGEMENT.

DAILY DUTIES / RESPONSIBILITIES:
SECURITY REVIEWS OF NEW PROJECTS & TECHNOLOGY CHANGES — EVALUATES NEW INFORMATION TECHNOLOGY PROJECTS AND PROPOSED CHANGES TO EXISTING TECHNOLOGY FOR COMPLIANCE WITH SECURITY POLICIES AND STANDARDS. WORKS IN A COLLABORATIVE FASHION WITH PROJECT STAKEHOLDERS TO MAKE RECOMMENDATIONS THAT HELP ACHIEVE BUSINESS AND FUNCTIONAL GOALS, WHILE MEETING SECURITY REQUIREMENTS. CONDUCTS SECURITY REVIEWS IN ACCORDANCE WITH ESTABLISHED IT AND SECURITY PROCESSES.

PERIODIC/CYCLICAL COMPLIANCE ASSESSMENTS — PREPARES SECURITY PLANS AND PERFORMS PERIODIC/CYCLICAL SECURITY ASSESSMENTS AND RISK ASSESSMENTS OF THE AGENCY, VENDORS AND OTHER PARTNERS IN ACCORDANCE WITH SECURITY POLICIES AND STANDARDS, IN A MANNER THAT PROVIDES AN ACCURATE REPRESENTATION OF THE SECURITY POSTURE OF THE ENTITY BEING EVALUATED. DOCUMENTS PLANS, ASSESSMENTS, REVIEWS AND RESULTS IN THE FORM OF SYSTEM SECURITY PLANS, SYSTEM SECURITY ASSESSMENTS, RISK ASSESSMENTS, SUBJECT-MATTER REVIEWS, FINDINGS, AUTHORIZATIONS-TO-OPERATE AND OTHER DOCUMENTATION SPECIFIED BY POLICIES AND PROCEDURES. ASSISTS WITH THE PREPARATION OF DOCUMENTATION THAT IS REQUIRED TO BE SUBMITTED TO EXTERNAL AUTHORITIES, INCLUDING IRS, PCI DSS AND STATE AUTHORITIES. CONDUCTS ASSESSMENTS IN ACCORDANCE WITH ESTABLISHED SCHEDULE GOALS AND REQUIREMENTS.

SECURITY PROCESS ADMINISTRATION — ADMINISTERS AND MAINTAINS DOCUMENTATION, COMMUNICATION METHODS AND ARTIFACTS NECESSARY TO PERFORM THE FUNCTIONS OF THE CISO DIVISION OF THE AGENCY, INCLUDING REPORTS, METRICS, PROCEDURES, SHAREPOINT SITES, SHARED DRIVES, ETC.

SECURITY PROGRAM UPDATES — REVIEWS AND RECOMMENDS UPDATES TO SECURITY POLICIES, STANDARDS, PROCEDURES AND SECURITY AWARENESS PROGRAMS. READS AND RESEARCHES TO REMAIN KNOWLEDGEABLE AND CURRENT WITH CHANGES TO EXTERNAL REQUIREMENTS SUCH AS IRS, PCI DSS, STATE POLICIES AND INDUSTRY BEST-PRACTICES. RECOMMENDS AREAS IN WHICH NEW SECURITY PROCEDURES ARE NEEDED. WRITES OR CONTRIBUTES TO WRITING NEW SECURITY PROCEDURES.
