Goahead Solutions
Location
Vacaville, CA | United States
Job description
Seeking an Information Security Compliance Analyst to lead internal staff in the implementation and execution of technical aspects of an enterprise security plan. Will be the subject matter expert on security issues/projects to enable team members to increase their security knowledge. Looking for a
fast learner who can come up to domain knowledge speed quickly.
Duration: 12-24 months
Work locations: Pleasanton or Vacaville (onsite for the 1st week, onsite as needed onward)
Deliverables/duties:
-Conduct the most complex Risk Assessments (RAs)
-Provide in-depth security knowledge and consultation when analyzing security risks (e.g., analyzing security related reports, evaluating security risks impacting and making recommendations to all programs.
-Develop and maintain security policies and standards based on security framework and industry standards including the identification of risk rating for each security control.
-Train/mentor new/existing ESEC group members on RAs/BRDs/TDDs/security defects (e.g., identify applicable security risks and mitigating controls; review for adherence to the system engineering handbook/security-policies & standards).
-Develop/maintain procedures (e.g., RA/BRD/TDD/security defects)
-Perform analysis on the most complex Security Incident Response (SIR) tickets as needed
-Attend meetings/represent information security for all security matters
-Act as lead/co-lead/backup on assigned information security projects
-Provide skills enhancement at a satisfactory rate & report any issues that may impede the progress of training & mentoring.
-Provide input to contract executives to develop training & mentoring plans to include specific skill sets, tasks & training methodologies.
-Execute the training and mentoring plan(s) with internal employees and provide input to refine and further develop training and mentoring plans as training progresses.
-Meet and discuss progress of training of internal employees monthly.
-Document a training plan on the mentoring & skill enhancement planner & to monitor progress of training & mentoring with internal employee(s).
Technical working exp./skills:
At least 5 yrs. of Information Security experience and at least 2 yrs. of lead/management exp. performing a variety of progressively responsible technical & analytical work.
At least 5 yrs of Information Security practice exp:
-Technical security project management skills.
-Working experience using best practices standards & framework: ISO 27001/27002, PCI: DSS V4; GLBA; HIPPA/HITECH; NIST 800-53; CIS CONTROLS, NIST CSF, CIS RAM
- Hardware: Networks switches, routers, load balancers, servers, storage systems, end-user systems, mobile devices, or other devices that enable the organization to complete its mission
- Operating Systems: Unix, Linux, Windows
-Network: LAN, WAN, Internet, Proxy/Filtering, Firewall, VPN, DMZ
-Network protocols such as: TCP/IP, SNMP, SMTP, NTP, DNS, LDAP, NFS, SAMBA
-Databases: Oracle, SQL, MySQL
-Cloud platforms: IAAS, PAAS, SAAS
-Security concepts such as: Encryption or Hardening
-Security: GRC
-Active Directory
-Programming languages are a plus
Professional skills:
-Strong analytical and critical thinking skills
-Excellent written and oral communication skills to effectively communicate across all levels of the organization
-Proven ability to present to a senior management & executive level audience
-Working experience of security, policy compliance & governance framework including: NIST-800 series, PCI, ISO 27001/27002, ITIL & COBIT
-Expert knowledge in security project management practices
-Self-motivated/self-starter/proactive, working closely & actively communicating with team members to accomplish time critical tasks & deliverables
-Working experience in a highly regulated environment, managing information risks and expectations across multiple stakeholder groups. Working experience of emergent security risks.
-Convey and explain complex problems and solutions in an understandable language to both technical and non-technical persons
-Think creatively and critically, analyzing complex problems, weighing multiple solutions, and carefully selecting solutions appropriate to the business needs, project scope, and available resources
-Take responsibility for the integrity of the solution
-Ability to be a strategic thinker
-Demonstrated ability to influence others
-Exp. managing multiple projects
-At least 5 yrs. of information security exp.
-CISA, CISM, and/or CISSP certification is required.
Job tags
Salary
