13 Apr
IT Security Specialist
Vacancy expired!
- Develops, implements, and maintains area wide security standards, guidelines, policies, and procedures based on best practices and compliance requirements; recommends security enhancements;
- Ensures ongoing security compliance and prevents the unauthorized use, release, modification, or destruction of data;
- Oversees the development of risk programs to achieve required risk tolerance levels; assists departments to establish appropriate risk levels;
- Designs secure business processes in conjunction with client departments, based upon defined risk tolerance levels;
- Works with the security engineers to schedule testing of systems (scans, system test and evaluation) and examines active monitoring to ensure controls are in place and are effective;
- Evaluates security incidents, develops solutions, and communicates results to technical staff and management;
- Collaborates with the department IT managers outside of the Technology Services and Solutions to ensure information security and privacy risks are identified, documented and addressed in a timely manner; tracks corrective action plans;
- Provides consulting, training, and security awareness services to other departments to effectively interact with Client Information Security and leverage centralized control capabilities within their operating environment;
- Conducts information security risk assessments within the Technology Services and Solutions and on an enterprise-wide basis;
- Conducts periodic departmental security audits; identifies noncompliance and recommends corrective actions to comply with Federal regulations and Client policy;
- Advises management of risks and best security practices; prepares status reports for managers regarding compliance issues and provides regulatory updates;
- Enforces information security standards, guidelines, policies, and procedures;
- Leads key cross-functional efforts to assess and improve the control environment or ensure regulatory compliance;
- Leads key cross-functional efforts to assess and improve the control environment or ensure regulatory compliance;
- Assesses the impact of external actions on computer systems and networks and determines whether the Client has been subjected to a system failure, a computer related crime, or potentially hostile information warfare;
- Conducts security research to stay abreast of security issues and industry trends;
- Sufficient education, training, and experience to demonstrate the ability to perform the above tasks and the attainment of the knowledge and abilities listed below.
- Five (5) years of increasingly responsible experience in the information security technology field. Experience with project management; direct audit activities; information assurance; risk management; or in a compliance environment, with emphasis in IT or Healthcare, is desirable
- Certification in audit and/or risk management such as Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), and/or Certified Information Systems Security Professional (CISSP) preferred.
- IT security principles, practices, terminology and trends;
- Risk and threat assessment process and practices;
- Information security risks, controls, regulatory guidelines, and industry standards related to information security;
- Industry best practices in risk identification, mitigation, and control assessments;
- Laws and regulations outlined in the Federal Information Security Management Act (FISMA) framework;
- Federal Risk and Authorization Program (FedRAMP);
- National Institute of Standards and Technology (NIST) Risk Management Framework.
- Conduct information security risk assessments and security audits on an enterprise-wide basis;
- Conduct independent systems analysis of complex business processes;
- Test and monitor security controls;
- Identify noncompliance and recommend corrective action; lead or work collaboratively with Client staff on issues of compliance and risk management;
- Enforce information security standards, guidelines, policies, and procedures;
- Define and discern key aspects of a problem and develop an integrated solution within a broad technical and business context;
- Develop, maintain, and recommend enhancements to risk programs, standards, guidelines, policies, and procedures;
- Communicate risk status to various levels of management;
- Identify, gather, and analyze key risk data and propose remediation actions when necessary;
- Lead multi-department risk assessment projects requiring coordination with numerous stakeholders and oversight bodies; plan and manage projects;
- Prepare a variety of reports;
- Learn Health Insurance Portability and Accountability Act (HIPPA) Security and privacy rules and requirements for Payment Card Industry compliance;
Vacancy expired!