DAILY JOB RESPONSIBILITIES:
- Defining, documenting, and implementing Information Security standards and policies across the enterprise
- Working with external auditors to provide support as needed
- Reviewing customer contracts, RFPs and requirements for appropriateness
- Establishing and maintaining an overall information security program
- Assuring industry advisories, alerts, or other requirements are acted upon in an appropriate and timely manner
- Providing information security-related guidance to I/S
- Working with Line of Business (LOB) security officers to coordinate efforts
- Maintaining a repository of information security data and compliance guidance
- Providing Corporate Security Council coordination and support
CANDIDATE TECHNICAL BACKGROUND:
- 6 years of I/T experience including 4 years of IT security, risk assessment, and/or compliance experience.
- Experience with NIST, FISMA, COBIT, SSAE16, PCI, SOX, HIPAA, or other regulatory requirements.
- Experience working on a Security Management Plan
- Experience working on vulnerability matrices
- Experience with the scanning and remediation of I/S assets using automated tools is beneficial (e.g. Nessus, AppDetective, Vanguard).
- Knowledge of technical security controls from NIST, DISA, USGCB, etc. compliance domains across multiple platforms.
- Deep understanding of security risk exposures and how vulnerabilities can be translated into the business risk that leadership understands.
- Advanced knowledge of security risk assessment execution.
- Expert-level knowledge of risk mitigation strategies.
- Excel expert with the ability to analyze, trend, and forecast from high volumes of compliance data.
- Proficient with MS Word.
PREFERRED / HIGHLY DESIRED BACKGROUND:
- Experience with compliance programs within a government agency (e.g. Medicare, Tricare) is preferred.
- Direct experience with NIST 800-53 security frameworks.
- Any experience with Visio or PowerPoint a plus.
- Any experience with DoD, DIARMF or FedRAMP programs is a plus.
- SQL experience a plus.