Enterprise security compliance consultant
Location
Pleasanton, CA | United States
Job description
Title: Enterprise Security Compliance Consultant
Location: Vacaville, CA or Pleasanton, CA
Duration: 24 months
CISA, CISM, and/or CISSP Certification is required
Job Description:
The Consultant will lead staff in the implementation and execution of technical aspects of the Enterprise Security Plan. The Consultant will continue to be the subject matter expert on security issues/projects so that ESEC team members can increase their security knowledge.
The tasks for the Security Analyst include, but are not limited to, the following:
- Conduct the most complex Risk Assessments (RAs)
- Provide in-depth security knowledge and consultation when analyzing security risks (e.g., analyzing security-related reports; evaluating security risks impacting State Fund; and making recommendations to all State Fund programs including Enterprise Procurement)
- Develop and maintain security policies and standards based on security frameworks and industry standards, including the identification of a risk rating for each security control
- Train/mentor new/existing ESEC team members on RAs/BRDs/TDDs/security defects (e.g., identify applicable security risks and mitigating controls; review for adherence to the System Engineering Handbook/Security Policies & Standards)
- Develop/maintain procedures (e.g., RA/BRD/TDD/security defects)
- Perform analysis on the most complex Security Incident Response (SIR) tickets as needed
- Attend meetings/Represent Information Security for all security matters
- Act as Lead/Co-Lead/Backup on assigned Information Security projects
Professional Skills:
The Consultant resource(s) shall possess most of the following skills:
- Strong analytical and critical thinking skills
- Excellent written and oral communication skills to effectively communicate across all levels of the organization
- Proven ability to present to a Senior Management Level and Executive audience
- Working experience of security, policy compliance, and governance frameworks including the NIST-800 series, PCI, ISO 27001/27001, ITIL, and COBIT
- Expert knowledge in security project management practices
- Self-motivated/Self-Starter/Proactive, working closely and actively communicating with team members to accomplish time-critical tasks and deliverables
- Working experience in a highly regulated environment and managing information risks and expectations across multiple stakeholder groups
- Working experience of emergent security risks
- Convey and explain complex problems and solutions in an understandable language to both technical and non-technical persons
- Think creatively and critically, analyzing complex problems, weighing multiple solutions, and carefully selecting solutions appropriate to the business needs, project scope, and available resources
- Take responsibility for the integrity of the solution
- Ability to be a strategic thinker
- Demonstrated ability to influence others
- Experience in managing multiple projects
- 5+ years' experience in information security
Report this job
- Dice Id: 10443894
- Position Id: 8211744