Enterprise Information Security Specialist

Virginia  ‐ Onsite
This project has been archived and is not accepting more applications.
Browse open projects on our job board.

Keywords

Description

Our client is looking for an Enterprise Information Security Specialist II in Richmond, VA. This is a contract position starting .

Qualifications:

Requires advanced job knowledge and results in several of the following areas:

- Evaluation, enhancement and support of information security strategy, policy, standards, and processes, including standards development, risk management, compliance management, and information security-related processes and procedures.

- Assessment of the effectiveness of an enterprise information security program through the analysis and correlation of enterprise-wide IT vulnerability and risk assessments, information system control deficiencies, risk mitigate techniques, and control implications in a heterogeneous IT environment, including operating systems, network, Middleware, database, contingency, distributed computing, Mainframe, etc.,

- Involves the development of related performance metrics and risk indicators for executive level reporting.

- Information security related industry practices, standards and regulations (eg, ISO , NIST, GLBA, HSPD-12).

- Intermediate knowledge of IT related industry governance and controls best practices and regulations (eg, SOX/COSO, COBIT, ITIL).

- Requires advanced interpersonal skills to effectively promote ideas at the System level, and promote collaboration and encourage teamwork in same or across department/division/organization as part of project teams/Matrix's management.

- Requires advanced analysis and decision making skills to facilitate resolution of highly complex information security compliance and risk issues, and to promote an effective controls environment across the enterprise.

- Requires strong command and interpersonal, oral, and written communication skills to prepare and present executive and management level briefings and reports related to information security performance, enterprise-wide assessments, and compliance.

- Prepare presentations, interact and communicate with all management and staff levels across the System and various internal and external entities.

- Requires a high degree of cooperation, tact, and persuasion.

- Broad knowledge of IT security systems, processes and procedures, including intrusion detection, Firewall technologies, and identity and access management is highly desirable.

- May require advanced knowledge of and ability to apply formal project management methodology and the application of the PMBOK, as used within the client as well as industry standard best practices in project management.

- Bachelor's or Master's degree in information security, information technology, computer science or related technical field is preferred, six to ten years of information security, information risk management, and/or information assurance is preferred or an equivalent combination of education and job-related experience equal to 8 - 10 years.

- Prior experience in IT operations processes and controls is desirable.

- Prior client knowledge and experience is desirable.

- Certification: CISSP, CISA, CISM is desirable.

Responsibilities:

The Enterprise Information Security Specialist II is responsible for supporting the primary areas within the National Information Security Assurance (NISA) function:

Provides guidance for the information security policy direction for the client's System, including the public key infrastructure; develops, publishes, maintains and interprets the information security policy framework, which includes policy, procedures, standards, risk management and exception processes; supports the enterprise information security performance program to develop and assess composite risk metrics and compliance statistics as a holistic measure of the client'ss information security posture; and supports informed strategic and tactical decision-making on the client's information security program by assessing and communicating enterprise-level information security risk and security program gaps.

Start date
immediate
Duration
through 4/2014
From
The Merge Computer Group, Inc
Published at
15.11.2013
Project ID:
627961
Contract type
Freelance
To apply to this project you must log in.
Register