Information Security Compliance Analyst
- Full Time, onsite
- Goahead Solutions
- Hybrid: onsite for the 1st week of training, United States of America
Seeking an Information Security Compliance Analyst to lead the internal staff in the implementation & execution of technical aspects of an enterprise security plan. Will be the SME on security issues/projects so that team members can increase their security knowledge. Looking for a fast learner who can come up to domain knowledge speed quickly.
Duration: 12 months
Work locations: San Diego (onsite for 2 days of training, remote onward)
****Must currently reside in California and able to work on our W2****
Deliverables/duties:
- Conduct the most complex Risk Assessments (RAs)
- Provide in-depth security knowledge & consultation when analyzing security risks (e.g., analyzing security-related reports, evaluating security risks impacting all programs & making recommendations)
- Develop & maintain security policies and standards based on the security framework and industry standards, including the identification of a risk rating for each security control
- Train/mentor new/existing ESEC group members on RAs/BRDs/TDDs/security defects (e.g., identify applicable security risks and mitigating controls; review for adherence to the system engineering handbook/security policies & standards)
- Develop/maintain procedures (e.g., RA/BRD/TDD/security defects)
- Perform analysis on the most complex Security Incident Response (SIR) tickets as needed
- Attend meetings/represent information security for all security matters
- Act as lead/co-lead/backup on assigned information security projects
- Provide skills enhancement at a satisfactory rate & report any issues that may impede the progress of training and mentoring
- Provide input to contract executives to develop training and mentoring plans, including specific skill sets, tasks, and training methodologies
- Execute the training and mentoring plan(s) with internal employees and provide input to refine and further develop the plans as training progresses
- Meet & discuss the progress of training of internal employees monthly
- Document a training plan on the mentoring & skill enhancement planner and monitor the progress of training & mentoring with internal employee(s)
Technical working exp./skills:
At least 5 yrs. of information security exp. and at least 2 yrs. of lead/management exp. performing a variety of progressively responsible technical & analytical work.
At least 5 yrs. of information security practice exp.:
- Technical security project management skills
- Working exp. using best-practice standards and frameworks: ISO 27001/27002, PCI DSS v4, GLBA, HIPAA/HITECH, NIST 800-53, CIS Controls, NIST CSF, CIS RAM
- Hardware: network switches, routers, load balancers, servers, storage systems, end-user systems, mobile devices, or other devices that enable the organization to complete its mission
- Operating systems: Unix, Linux, Windows
- Network: LAN, WAN, Internet, proxy/filtering, firewall, VPN, DMZ
- Network protocols such as: TCP/IP, SNMP, SMTP, NTP, DNS, LDAP, NFS, SAMBA
- Databases: Oracle, SQL, MySQL
- Cloud platforms: IaaS, PaaS, SaaS
- Security concepts such as: encryption or hardening
- Security: GRC
- Active Directory
- Programming languages are a plus
Professional skills:
- Strong analytical and critical thinking skills
- Excellent written and oral communication skills to communicate effectively across all levels of the organization
- Proven ability to present to a senior management & executive-level audience
- Working experience with security, policy compliance & governance frameworks including: NIST 800 series, PCI, ISO 27001/27002, ITIL & COBIT
- Expert knowledge of security project management practices
- Self-motivated/self-starter/proactive, working closely & actively communicating with team members to accomplish time-critical tasks & deliverables
- Working experience in a highly regulated environment, managing information risks and expectations across multiple stakeholder groups; working experience with emergent security risks
- Convey and explain complex problems and solutions in understandable language to both technical and non-technical people
- Think creatively & critically, analyzing complex problems, weighing multiple solutions, & carefully selecting solutions appropriate to the business needs, project scope, and available resources
- Take responsibility for the integrity of the solution
- Ability to think strategically
- Demonstrated ability to influence others
- Exp. managing multiple projects
- At least 5 yrs. of information security exp.
- CISA, CISM, and/or CISSP certification is required.