Job ID: NC-633000 (913090723)
Security Analyst/Director (CISSP / CISA / CCSP) with AWS/Azure/GCP, HIPAA , Soc2 Type2, FedRamp, HITRUST compliance reports, OWASP and web and database security assessments experience
Location: Raleigh NC (NCDHHS)
Duration: 6 months
Interview: Either Webcam Interview or In Person
Positions: 1 (1/2)
Skills:
CISSP / CISA / CCSP / Any security specialty certification on one of the leading cloud platforms (AWS/Azure/GCP)Required
Performing the security assessments using NIST 800-53 r4 security controlPRequired5Years
HIPAA Privacy & Security complianceRequired3Years
Experience reviewing Soc2 Type2, FedRamp, HITRUST compliance reportsRequired3Years
Knowledge of cloud native security services provided by the AWS/Azure/GCP cloud platformsRequired
Experience in performing the network, web and database security assessments.Required
Familiar with the tools and techniques to find and remediate OWASP TOP 10 vulnerabilities of web applicationsRequired
Experience in performing penetration testing on the web applications deployed on the cloud platformRequired
Must be able to demonstrate excellent program management, negotiation, communication and problem-solving skills. Responsible for working with both senior-level business executives and IT personnel to define and execute program requirements and manage stakeholder expectations. Strategically plan and manage initiatives consisting of program components that meet Departmental, State and other stakeholder expectations. Responsible for the leadership, direction and oversight of the project team(s) and of all vendor related activities tied to the program. Report to Sr. Executive Management. Authorize and manage internal and external relationships (agency, Federal, vendor, and other State agencies) and dependencies across initiative components to ensure successful delivery of the program. Responsible for establishing and executing adequate project management controls based on industry accepted methodologies and standards. These controls include the responsibility to monitor and control cost, schedule, performance and risk; to ensure quality and security; overall integration and issues resolution and to perform administrative functions.
•Experience in performing the security assessments using NIST 800-53 r4 security controls.
•Experience in implementing the controls for HIPAA Privacy & Security compliance.
•Experience in reviewing the Soc2 Type2, FedRamp, HITRUST compliance reports
•Proficient in using the vulnerability management tools and remediating those identified vulnerabilities.
•Experience in performing the network, web and database security assessments.
•Familiar with the tools and techniques to find and remediate OWASP TOP 10 vulnerabilities of the web applications.
•Experience in performing penetration testing on the web applications deployed on the cloud platform.
•Knowledge of cloud native security services provided by the AWS/Azure/GCP cloud platforms.
CISSP / CISA / CCSP / Any security specialty certification on one of the leading cloud platforms (AWS/Azure/GCP
NC_Resume_Template-NW-633000.docx