Vulnerability Program Manager

Colorado - Onsite
This project has been archived and is not accepting more applications.

Description

Our Client is seeking a Vulnerability Program Manager.

Need: Individual to manage the remediation efforts, document new processes and assist with creation of new policies. This individual should maintain a broad compliance view.

Responsibilities:

  • Assess and establish the baseline of all programs.
  • Create the strategy, project plan, and project schedule.
  • Document control plans, strengthen existing (or absent) controls.
  • Establish and Document Version Control standards.

Required Education/Experience:

  • Bachelor's degree in Computer Science or equivalent work experience.
  • The goal is to develop and operationalize key processes for the prevention and remediation of vulnerabilities. Many of these processes are already in place in some form or fashion, but are not consistently applied or documented.

Our preliminary pass at a high level scope includes:

Hardware and Software

  • All company hardware including PCs, Servers, network devices, printers and appliances (anything with IP address on network).
  • All company software including OS, database and application layers and all platforms (e.g., Windows, Linux, "Core" systems to the extent technically feasible).
  • All company business units, including new acquisitions to the degree it is feasible, EXCEPT Agent infrastructure at the POS.

Process and Procedure

  • Device build checklists and procedures.
  • OS and DB baselines, and applications on a risk-based approach.
  • OS, DB and application patching.
  • OS, DB and application vulnerability remediation.
  • Version control standards and procedures.
  • Updated End User standards, including agreed upon support for non-standard applications (taking into account new structure with Win 7).
  • Updated vulnerability management rating criteria and OLAs for remediation.
  • Develop Project Plans/WBS for remediation of current vulnerabilities and the implementation of sustainable process and procedure around server and PC build, baselining, patching and vulnerability management.
  • Complete required program documents.
  • Assist with strategy and solution development.
  • Assist with the majority of the documentation of process, procedures, standards, etc.
  • Drive the completion of tasks included in the project plans and ensure requirements are met.
  • Track and report on the progress of the projects.

Credentials: (at least 2 of the following preferred)

  • BSI Associate Consultant for ISO 27001 and BS 25999.
  • Certified by PCI Council as ASV, QSA and PA-QSA; 200+ QSAs.
  • BITS Shared Assessments Program assessor.
  • HITRUST Qualified CSF Certifier and Qualified CSF Consultant.
  • CREST-approved penetration tester.

Application Requirements

  • Client will not accept subcontractors

Required Qualifications:

  • Security
  • Network Manager
  • Network architect

Start date: n.a
From: MATRIX Resources, Inc.
Published at: 11.04.2012
Project ID: 346397
Contract type: Freelance