Senior Security Risk Consultant

Texas - Onsite
This project has been archived and is not accepting more applications.

Description

POSITION SUMMARY:

The Senior Information Security Risk Consultant is responsible for risk monitoring, analysis and ongoing assurance activities. Responsible for enabling and facilitating the District's understanding and compliance with the Federal Reserve System information security policies and related System, District and industry best practices. Involves a mixture of project work and operational services, providing a superior level of consulting and subject matter expertise to IT and business customers. This position will focus on security risk management and consulting.

RESPONSIBILITIES:

Engage with business areas to understand business mission and the technology that supports the mission.

Provide vision, expertise and knowledge-based consulting on security risk management strategies in alignment with the business area mission. Consult with business areas to identify and assess security risk, prioritize and interpret security controls and advise on risk mitigation and acceptance.

Develop/manage relationships with business areas in order to serve as a ready subject matter expert in information risk to support the protection of information processed, stored or transmitted.

Supports one or more highly specialized domains of security risk management which may include:

  • Security risk management and consulting
  • Continuous monitoring
  • Insider risk management
  • Patch management
  • Vulnerability management

Participates and/or leads projects typically involving multiple disciplines and may impact multiple business areas.

Participates on District and/or System teams furthering information security objectives and initiatives.

Acts as a source of direction, training and guidance for less experienced staff.

COMPETENCIES:

Functional Knowledge: Requires comprehensive understanding of concepts and principles within own discipline and knowledge of others.

Ensures Accountability: Holds self and others accountable to meet commitments.

Communicates Effectively: Develops and delivers communications that convey a clear understanding of the unique needs of different audiences.

Customer Focus: Builds strong customer relationships and delivers customer-centric solutions. Specifically, experience in developing and maintaining internal and external customer relationships and offering consulting based on subject matter expertise.

Develops Talent: Develops people to meet both their career goals and the organization's goals.

Values Differences: Recognizes the value that different perspectives and cultures bring to an organization.

Instills Trust: Gains the confidence and trust of others through honesty, integrity and authenticity.

Problem Solving: Exhibits strong critical thinking skills and problem solving abilities.

Prioritization and Planning: Applies organizational, time management and planning skills in order to manage assigned workload and complete multiple job assignments with multiple deadlines.

Initiative: Self-directed and motivated with the ability to work independently with minimal direction.

EXPERIENCE:

  • Possesses in-depth ability to perform information security risk analysis, security control interpretation and continuous monitoring in complex networked application environments.
  • At least five years of practical experience in the field of information security or IT risk and compliance.
  • Demonstrated experience in applying information security concepts to the assessment of business and technology components using NIST 800-53 or other, similar security control frameworks.
  • Experience in analyzing and documenting security risk, to include identifying exposures, likelihood, consequence and mitigating controls.
  • Demonstrates excellent written, verbal, and presentation skills to effectively communicate to both technical and non-technical audiences at various levels within the organization.
  • Demonstrated ability to learn quickly and practically apply new concepts or principles which can be confirmed by experience.

EDUCATION:

  • Bachelor's Degree in Management Information Systems, Computer Science, Business Administration or related field of study. Education and/or experience may be substituted.
  • CISSP, CISA, CISM or CRISC certification a plus.
  • Experience applying project management practices a plus.
  • Experience applying or ensuring compliance within the NIST 800-53 framework

WORK HOURS AND CONDITIONS:

  • Working Conditions: 8:00 a.m. to 5:00 p.m., Monday through Friday.
  • Overtime as required by project schedules or management.
  • Occasional travel as required by assignments, management or training requirements.

Notes:

  • Candidates must be a U.S. citizen.
  • Employment is contingent upon the selected candidate passing a financial credit check.
  • This position may be filled at various levels based on candidate experience and department needs.

Start date: June 2018
From: MCG - Midwest Consulting Group
Published at: 02.06.2018
Project ID: 1564790
Contract type: Freelance