The candidate will be allowed to work remotely until all staff may be required to return to site. At that point, the candidate may be required to come onsite.
The client has no immediate plans to come on-site now or in the near future.
The candidate will need to come onsite the first day to collect equipment.
Our client has an opening for a Security Consultant (716589)
This position is for 12 months, with the option of an extension, and the client is in Raleigh, NC.
If interested in this job, please send us your rate and resume.
The Information Security Office (ISO) requires a contract information security specialist (expert) architect/analyst resource to provide compliance program development, leadership, and management for the client's business, in addition to information security policy, standards, process, procedure, and application consulting. This position will be an Information Security Business Architect (ISBA, working title) dedicated primarily to support overall ISO Compliance Program development and management which can include, but is not limited to, compliance program components such as annual compliance reporting, Payment Card Industry (PCI-DSS), audit support, 3rd party, overall security, cloud, and identity compliance. This position will also deliver project consulting focused on information security compliance and assessment of data handled by the client's applications, systems, and third parties. This staff will lead ongoing PCI-DSS compliance maintenance and annual assessment functions. This staff will be responsible for identity, cloud, and overall agency IT security compliance leadership. To maintain adequate security posture and respond to security consulting needs, the ISO must have additional staff to support ISO project workload demand.
Current or prior role as a PCI-DSS Qualified Security Assessor (QSA) or PCI-DSS Internal Security Assessor (ISA) Highly desired
Experience leading or directly supporting PCI-DSS annual assessment for a L1 or L2 merchant, familiarity with PCI-DSS 3.2 or higher. Required 3 Years
Strong knowledge and experience architecting/designing implementations, configuring, and risk assessing AWS and/or Azure cloud computing environments. Required 3 Years
Progressive advanced experience as an IT information security professional working within an enterprise environment. Required 5 Years
Hands-on experience implementing, administrating and operating technologies such as firewalls, IDS/IPS, SIEM, antivirus, network traffic analyzers Required 5 Years
Detailed technical experience with network security, security protocols, access control, cryptography, application security, and data protection. Required 5 Years
Extensive experience with data classification, handling, assessment, and enforcement. Required 5 Years
Experience implementing and supporting systems within enterprise-class data center environments. Required 5 Years
Advanced knowledge of regulatory compliance including, but not limited to: OWASP, ISO, NIST, FISMA, PCI-DSS, HIPAA and IRS-1075. Required 5 Years
Experience leading risk assessments using industry standard frameworks such as ISO or NIST for complex IT projects and technologies. Required 5 Years
Experience developing, leading and executing information security incident response plans. Required 5 Years
Experience developing and implementing information security policy, standards and procedures. Required 5 Years
Experience providing research and evidence in support of audits. Required 3 Years
CISSP information security certification. Highly desired
Specific experience implementing, administrating, or operating Tenable Nessus. Highly desired 2 Years
Specific experience implementing, administrating, operating or utilizing IBM Qradar SIEM Highly desired 2 Years
Experience consulting on information security solutions for a state or federal agency. Highly desired 2 Years
Experience implementing and operating enterprise class data networking solutions Highly desired 5 Years
Experience implementing and operating enterprise class server and storage systems Highly desired 5 Years
Detailed expert knowledge of NIST 800-53, and performing risk assessments utilizing NIST 800-53. Highly desired 5 Years
Detailed expert knowledge of ISO 27001, and performing risk assessments utilizing ISO 27001 Highly desired 2 Years
Detailed expert knowledge of the NIST Cyber Security Framework (CSF), and performing risk assessments utilizing the NIST CSF. Highly desired 2 Years
Familiarity and experience with the Department of Homeland Security (DHS) Cyber Security Evaluation Tool (CSET). Highly desired 2 Years
Experience consulting on information security and IT solutions for a state motor vehicles agency or department of transportation. Highly desired
Experience performing risk assessments, documenting and driving compliance with the North Carolina DIT Statewide Information Security Manual. Highly desired
Experience completing NC Department of Information Technology Privacy Threshold Analysis (PTA) documentation. Highly desired
Experience completing NC Department of Information Technology Vendor Readiness Assessment Report (VRAR) documentation. Highly desired
Trained and experience implementing and operating with ITIL (formerly Information Technology Infrastructure Library) concepts. Highly desired
ITIL (formerly Information Technology Infrastructure Library) certification. Nice to have
Familiarity and practical experience with SABSA or TOGAF enterprise architecture frameworks and methodologies. Highly desired
SABSA or TOGAF certification. Nice to have
By replying to this job advertisement, I agree I want to receive additional job advertisements from Focused HR Solutions, including email, phone and mail to the contact information I am submitting. I consent to Focused HR Solutions, its affiliates, third parties and partners processing my personal data for these purposes and as described in the Privacy Policy. I understand that I can withdraw my consent at any t
This is a remote position.