Certified Information Security Professional

New York - Onsite

Description

Information Security Professional (CISSP, CISM, Windows, Linux, UNIX and Citrix Thin Client)

IT Smart is seeking a Certified Information Security Professional (CISSP) for a client in New York City.

Required Skills:

  • Minimum of five (5) years' experience as an Information Security Professional.
  • Certification as a Certified Information Systems Security Professional (CISSP) and a Certified Information Security Manager (CISM) with either one of the following:
    • Certified Risk & Information Systems Control (CRISC),
    • Certified Information Systems Auditor (CISA),
    • Certified Secure Software Lifecycle Professional (CSSLP) or
    • SANS GIAC (ISO-27001 preferred, but not required) certified.
  • Possess strong business acumen with excellent communication skills. Must have good presentation skills and be comfortable communicating with mid-level and executive management. Strong documentation skills in policy and standards writing, in addition to operational procedures. Must have the conceptual skills to explain complicated examples with visual illustrations for non-IT users.
  • Experience with Windows, Linux, UNIX and Citrix Thin Client environments. Ability to recommend operating system hardening for all environments and systems. Expert Active Directory security experience is required.
  • Possess a broad knowledge of information security system controls (e.g. CISSP certified) and the knowledge to identify technical, operational and business risks.
  • Able to multi-task, be pro-active in project planning and requirements gathering and capable of setting priorities based on impact and risk to the business without supervision.
  • Excellent interpersonal skills including negotiation, problem resolution and customer service.
  • Must have experience with Data Leakage Prevention, Endpoint Security, Intrusion Prevention Systems, Integrity Controls, Encryption, Access Controls, Incident Response Procedures, Log Management, and Security Architecture & Design.
  • Experience presenting security proposals to senior management and the ability to present complex ideas clearly and persuasively.

Desired Skills:

  • Prior experience as an Information Security Manager or Director of Information Security.
  • Prior and proven experience in Information Security with a focus on Enterprise Risk Management and Compliance.

Job Description:

The Information Security Professional will primarily be responsible for creating and formalizing the agency Enterprise Risk Management (ERM) program and carrying it to completion in support of the Information Security Governance initiative. The selected candidate will also be responsible for creating an executive reporting standard utilizing a Security Information and Event Management (SIEM) solution. The Information Security Professional will work under the direct supervision of the CISO and interface with all business and IT users to create and document a standard risk management framework that identifies and mitigates agency risks across all business platforms.

Duties will include risk assessments and analysis of system vulnerabilities on the agency network and business systems, assurance metrics on identified risk indicators, and maintaining and updating the agency risk register.

The Information Security Professional must be available to work a minimum of 35 hours per week.

Assumptions Regarding Consultant Tasks and Deliverables

The Information Security Professional shall provide Information Security consulting services to the client for the completion of the client's ongoing Information Security Program.

The following descriptions and deliverables shall apply:

  • Role:
    • The Information Security Professional must align and document risk management expertise as it pertains to the business and IT operations; act as a subject matter expert (SME) on risk assessment, analysis and remediation. There are 18 security domains contained in the Information Security Management Program.
  • Objective:
    • The Information Security Professional will aid in the establishment of a formal Enterprise Risk Management program and document the agency IT Security Governance and Compliance framework.
  • Deliverables:
    • The Information Security Professional is responsible for the following:
      • Complete the Information Security Operations and IT Standards documentation.
      • Standardize and document the agency Enterprise Risk Management plan.
      • Identify critical assets, risk owners and remediation strategies, and document them in the agency risk register.
      • Execute and certify the Enterprise Risk Management Program.
      • Create an executive dashboard for reporting metrics, Key Risk Indicators and Key Performance Indicators for identified critical business systems using a SIEM solution.

NOTE: Please send your resume with your rate requirement.

Please restrict descriptions of experience in the resume to those that are relevant to this requirement.

Start date
n.a.
Duration
2 years
From
IT Smart
Published at
20.08.2013
Project ID:
585748
Contract type
Freelance