IT Security Specialist

Elegant Enterprise-Wide Solutions Inc

San Jose, CA
Full Time
Paid
  • Responsibilities

    Job Description

    TYPICAL TASKS: Develops, implements, and maintains Countywide security standards, guidelines, policies, and procedures based on best practices and compliance requirements; recommends security enhancements; Ensures ongoing security compliance and prevents the unauthorized use, release, modification, or destruction of data; Oversees the development of risk programs to achieve required risk tolerance levels; assists departments to establish appropriate risk levels; Designs secure business processes in conjunction with County departments, based upon defined risk tolerance levels; Works with the security engineers to schedule testing of systems (scans, system test and evaluation) and examines active monitoring to ensure controls are in place and are effective; Evaluates security incidents, develops solutions, and communicates results to technical staff and management; Collaborates with the department IT managers outside of the Technology Services and Solutions to ensure information security and privacy risks are identified, documented and addressed in a timely manner; tracks corrective action plans; Provides consulting, training, and security awareness services to other departments to effectively interact with County Information Security and leverage centralized control capabilities within their operating environment; Conducts information security risk assessments within the Technology Services and Solutions and on an enterprise-wide basis; Conducts periodic departmental security audits; identifies noncompliance and recommends corrective actions to comply with Federal regulations and County policy; Advises management of risks and best security practices; prepares status reports for managers regarding compliance issues and provides regulatory updates; Enforces information security standards, guidelines, policies, and procedures; Leads key cross-functional efforts to assess and improve the control environment or ensure regulatory compliance; Assesses the impact of external actions on computer systems and networks and determines whether the County has been subjected to a system failure, a computer-related crime, or potentially hostile information warfare; Conducts security research to stay abreast of security issues and industry trends.

    Training and Experience: Sufficient education, training, and experience to demonstrate the possession and direct application of the following knowledge and abilities.

    Sufficient education, training, and experience to demonstrate the ability to perform the above tasks and the attainment of the knowledge and abilities listed below. Five (5) years of increasingly responsible experience in the information security technology field. Experience with project management; direct audit activities; information assurance; risk management; or in a compliance environment, with emphasis in IT or Healthcare, is desirable.

    CERTIFICATIONS: Certification in audit and/or risk management such as Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), and/or Certified Information Systems Security Professional (CISSP) preferred.

    KNOWLEDGE OF: IT security principles, practices, terminology and trends; Risk and threat assessment process and practices; Information security risks, controls, regulatory guidelines, and industry standards related to information security; Industry best practices in risk identification, mitigation, and control assessments; Laws and regulations outlined in the Federal Information Security Management Act (FISMA) framework; Federal Risk and Authorization Program (FedRAMP); National Institute of Standards and Technology (NIST) Risk Management Framework.

    ABILITY TO: Conduct information security risk assessments and security audits on an enterprise-wide basis; Conduct independent systems analysis of complex business processes; Test and monitor security controls; Identify noncompliance and recommend corrective action; Lead or work collaboratively with County staff on issues of compliance and risk management; Enforce information security standards, guidelines, policies, and procedures; Define and discern key aspects of a problem and develop an integrated solution within a broad technical and business context; Develop, maintain, and recommend enhancements to risk programs, standards, guidelines, policies, and procedures; Communicate risk status to various levels of management; Identify, gather, and analyze key risk data and propose remediation actions when necessary; Lead multi-department risk assessment projects requiring coordination with numerous stakeholders and oversight bodies; Plan and manage projects; Prepare a variety of reports; Learn Health Insurance Portability and Accountability Act (HIPAA) security and privacy rules and requirements for Payment Card Industry compliance.