  • ID
    #6253680
  • Job type
    Contract
  • Salary
    Depends on Experience
  • Source
    Reddaiah, Inc
  • Date
    2020-11-24
  • Deadline
    2021-01-23
 

Vacancy expired!

Information Systems Security Officer

Job Description

Duties and Responsibilities:
  • Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.
  • Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels and security posture.
  • Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements.
  • Communicate the value of information technology (IT) security to stakeholders at all levels of the organization.
  • Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
  • Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
  • Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Knowledge of cybersecurity and privacy principles.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • Knowledge of Personally Identifiable Information (PII) data security standards.
  • Knowledge of Payment Card Industry (PCI) data security standards.
  • Knowledge of Personal Health Information (PHI) data security standards.
  • Knowledge of data loss prevention (DLP).

Additional Update from Customer: We need someone who can apply the state's IT Security Manual to MSDE and handle the varied and complex day-to-day work of bringing MSDE into compliance with best practices, tools, and policies and procedures. Experience building a security framework process is critical. Most of the resumes you have sent over are for individuals who have worked as part of a security team in the past, and this job is more independent, as in building security compliance from scratch or from front to back. The person in this position will have to have either started a security program from scratch or inspire us with the ability to articulate how to do that across a large organization with 4 child agencies. Bringing MSDE into compliance is the majority of the job, but working with the local school systems is another, writing policy documents (or at least building frameworks for such), implementing security policies, monitoring them, etc. Another issue is that a lot of people today, based on the resumes, are coming into security with a limited technical background. If you don’t have a technical background that relates to security in some way in terms of hands-on work, you don’t know what you are building. People without the technical may be able to use general best practices and apply the NIST framework to the MSDE environment but, ideally, we would have someone who could do both the policy side and the technical. I am talking about basic security technology, like how to configure a firewall (not maintain a firewall as that would be the SOC) and understand how it works. Another example, how do you analyze a database for security controls? Those are just two examples and they are not intended to be prescriptive requirements of the position but, rather, examples to illustrate what I mean by technical.
The person in this role needs to be a self-starter, needs to be able to navigate minefields, not just security related, but also of a large political environment with competing priorities and personalities, both at the state and district level. If you can find someone with significant experience, who can reason it all out, starting from scratch, analyzing controls, interviewing division heads, developing policies and procedures, being the POC for the SOC, being able to speak well on thought calls and being knowledgeable about security from a global perspective, as well as step-by-step, versus just having been a member of a team, I think we will be able to move forward.
