Information Security Analyst

Washington  ‐ Onsite
This project has been archived and is not accepting more applications.
Browse open projects on our job board.

Description

Description
  • Responsible for the development and delivery of a comprehensive information security and privacy program
  • The scope of this program is company-wide, and includes information in electronic, print and other formats.
  • The purposes of this program include: to assure that information created, acquired or maintained and its authorized users, is used in accordance with its intended purpose; to protect information and its infrastructure from external or internal threats; and to assure that complies with statutory and regulatory requirements regarding information access, security and privacy.
  • Coordinate the development of information security policies, standards and procedures.
  • Work with key IT offices, data custodians and governance groups in the development of such policies.
  • Ensure that company policies support compliance with external requirements.
  • Oversee the dissemination of policies, standards and procedures to the user community
  • Coordinate the development and delivery of an education and training program on information security and privacy matters for employees, other authorized users, and vendors
  • Serve as the company compliance officer with respect to state and federal information security policies and regulations.
  • Work with the designated internal audit, SOX compliance, legal, and HR on compliance issues as necessary.
  • Prepare and submit and submit required reports to external agencies
  • Develop and implement an Incident Reporting and Response System to address security incidents (breaches), respond to alleged policy violations, or complaints from external parties.
  • Serve as the official company contact point for information security, privacy and copyright infringement incidents, including relationships with law enforcement entities
  • Develop and implement an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation, and oversee vulnerability testing
SKILLS:

Skills Required
  • 6-8 years of experience in information security/technology or related field.
  • Advanced verbal and communication skills with diverse cross functioning groups.
  • Strong background and experience in policy development, program administration.
  • In depth knowledge and experience in incident response activities and compliance.
  • Ability to plan, organize and prioritize tasks to complete independently and within time frame established.
  • While technical knowledge of information technology and security issues is highly desirable, technical expertise and resources will be available from units such as Security Operations to support the information security and privacy program.
  • Strong technical writing abilities.
  • Very good understanding of security controls, control systems, and business drivers that impact security controls.
  • Knowledge of SEC, FFC, Sarbanes-Oxley (SOX) and or Gramm-Leach Bliley
  • Act regulatory policies and guidelines.
  • Strong background in security authentication, security applications development methodologies, security architecture and operational procedures, organization, business continuity skills, disaster recovery skills, identity management skills and hands on experience implementing products/solutions eg NetIQ, Entrust, Netegrity, Oblix, PKI, and some director service, RSA, strong understanding of the development and maintenance of RBACs (Role Based Access Controls).
  • Ability to work collaboratively with a broad range of constituencies essential.
  • A demonstrated ability to work with diverse cross functional groups of people is required.
Preferred Skills
  • Knowledge of the following technologies a plus:
  • Intrusion Detection/Prevention Systems for networks and hosts
  • Security Event Management Systems
  • Vulnerability Assessment Systems
  • Secure transfer protocols such as SSH, SCP and Connect Direct Secure Plus
  • Diagnostic tools such as packet capture/decode and WAN probes
  • IP Networking
  • Windows Systems administration and security tools
  • Experience with remote access, Terminal Servers, etc a plus
  • Experience in the administration of UNIX
  • Solaris, HP/UX, or Linux and Windows operating systems a plus
  • Experience in developing and administering an information security program desirable
  • Working knowledge of and experience in the policy and regulatory environment of information security, especially in higher education is desirable
Start date
n.a
From
Synectics
Published at
28.11.2015
Project ID:
1028994
Contract type
Freelance
To apply to this project you must log in.
Register