13 Apr
IT Security Specialist
California, Santaclarita , 91350 Santaclarita USA

Vacancy expired!

Position: IT Security Specialist

Location:

Santa Clara, CA

Contract Term:

6 months

Submits Due: End of day Thursday (Need Resume & R2R-Email is fine)

Qty of Staff Needed: 1

# Submits Allowed to Client: 2

Position Title: IT Security Specialist, Remote (CA or West Coast Preferred)

Max Hourly Rate: Must be as competitive as possible

Start Date: May 10th (Tentative)

Overview:Under direction, to oversee and coordinate the assessment of information technology (IT) systems and applications; to evaluate the effectiveness of information security measures, Area wide; to develop and maintain information security standards, guidelines, practices, policies, and procedures; to ensure compliance with information security strategies and programs; and to provide training, awareness, and assistance to IT staff responsible for information security risk compliance and monitoring.

Typical Tasks:
  • Develops, implements, and maintains area wide security standards, guidelines, policies, and procedures based on best practices and compliance requirements; recommends security enhancements;
  • Ensures ongoing security compliance and prevents the unauthorized use, release, modification, or destruction of data;
  • Oversees the development of risk programs to achieve required risk tolerance levels; assists departments to establish appropriate risk levels;
  • Designs secure business processes in conjunction with client departments, based upon defined risk tolerance levels;
  • Works with the security engineers to schedule testing of systems (scans, system test and evaluation) and examines active monitoring to ensure controls are in place and are effective;
  • Evaluates security incidents, develops solutions, and communicates results to technical staff and management;
  • Collaborates with the department IT managers outside of the Technology Services and Solutions to ensure information security and privacy risks are identified, documented and addressed in a timely manner; tracks corrective action plans;
  • Provides consulting, training, and security awareness services to other departments to effectively interact with Client Information Security and leverage centralized control capabilities within their operating environment;
  • Conducts information security risk assessments within the Technology Services and Solutions and on an enterprise-wide basis;
  • Conducts periodic departmental security audits; identifies noncompliance and recommends corrective actions to comply with Federal regulations and Client policy;
  • Advises management of risks and best security practices; prepares status reports for managers regarding compliance issues and provides regulatory updates;
  • Enforces information security standards, guidelines, policies, and procedures;
  • Leads key cross-functional efforts to assess and improve the control environment or ensure regulatory compliance;
  • Leads key cross-functional efforts to assess and improve the control environment or ensure regulatory compliance;
  • Assesses the impact of external actions on computer systems and networks and determines whether the Client has been subjected to a system failure, a computer related crime, or potentially hostile information warfare;
  • Conducts security research to stay abreast of security issues and industry trends;

Training and Experience:
  • Sufficient education, training, and experience to demonstrate the ability to perform the above tasks and the attainment of the knowledge and abilities listed below.
  • Five (5) years of increasingly responsible experience in the information security technology field. Experience with project management; direct audit activities; information assurance; risk management; or in a compliance environment, with emphasis in IT or Healthcare, is desirable

Certifications:
  • Certification in audit and/or risk management such as Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), and/or Certified Information Systems Security Professional (CISSP) preferred.

Knowledge of:
  • IT security principles, practices, terminology and trends;
  • Risk and threat assessment process and practices;
  • Information security risks, controls, regulatory guidelines, and industry standards related to information security;
  • Industry best practices in risk identification, mitigation, and control assessments;
  • Laws and regulations outlined in the Federal Information Security Management Act (FISMA) framework;
  • Federal Risk and Authorization Program (FedRAMP);
  • National Institute of Standards and Technology (NIST) Risk Management Framework.

Ability to:
  • Conduct information security risk assessments and security audits on an enterprise-wide basis;
  • Conduct independent systems analysis of complex business processes;
  • Test and monitor security controls;
  • Identify noncompliance and recommend corrective action; lead or work collaboratively with Client staff on issues of compliance and risk management;
  • Enforce information security standards, guidelines, policies, and procedures;
  • Define and discern key aspects of a problem and develop an integrated solution within a broad technical and business context;
  • Develop, maintain, and recommend enhancements to risk programs, standards, guidelines, policies, and procedures;
  • Communicate risk status to various levels of management;
  • Identify, gather, and analyze key risk data and propose remediation actions when necessary;
  • Lead multi-department risk assessment projects requiring coordination with numerous stakeholders and oversight bodies; plan and manage projects;
  • Prepare a variety of reports;
  • Learn Health Insurance Portability and Accountability Act (HIPPA) Security and privacy rules and requirements for Payment Card Industry compliance;

Vacancy expired!

Subscribe for new vacancies
Report job