Job ID: NY-02192019 (99990218)5P
Security Analyst (CISSP/CISM/CISA/CRISC) with Incident Response, Disaster Recovery (DR) and Business Continuity, NIST/ISO/COSO/SANS, cloud architecture/security, cyber threats/vulnerabilities and privacy principles experience
Location: 335 Adams Street, Suite # 2300, Brooklyn, New York (NYCERS)
Duration: 12-36 months (start date in May)
Interview: In-person ONLY
Positions: 3 (3/3)
Visa: GC/USC/W2/1099 (no c2c)
1. Mandatory Skills: Candidates must meet all the requirements below to be considered for the Senior Information Security Professional:
• Candidate must possess at least two of the following certifications: CISSP, CISM, CISA, CRISC.
• Extensive and proven knowledge in Incident Response, Disaster Recovery and Business Continuity
• Knowledge of Risk Management Frameworks (NIST, ISO, COSO)
• Knowledge of Cyber Security Frameworks (NIST, ISO, SANS)
• Excellent interpersonal, communication, presentation, writing, analytical, problem solving, and information gathering skills along with fundamental troubleshooting abilities.
• Ability to train and mentor Information Security team members to meet the highest industry standards.
• Strong analytical skills demonstrated by the ability to receive and analyze requirements and propose a suitable solution.
2. Preferred Experience:
• Knowledge and experience with cloud architecture and security.
• Knowledge and experience managing business and Cyber Security risks.
• Knowledge and experience working with cyber threats and vulnerabilities.
• Skills to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Tasks and Deliverables
The consultant’s primary responsibilities will include the enhancement of the agency’s Incident Response, Disaster Recovery and Business Continuity exercises to identify gaps, operational processes and compliance requirements. He/she will implement a robust Data Security Program under the direction of the Deputy Director of Information Security and Cyber Security, and assist with formalizing and documenting risk analysis and assessment techniques and procedures with the team.
In addition, the Security consultant will be tasked with maturing the agency’s information security program by implementing task-oriented activities defined in the program. The consultant must have knowledge in the area of IT Security Governance and Security Architecture, including cloud security knowledge and expertise.