Information Security Specialist
Job Description
Rancho Cordova, California
12 months Contract
Job description:
General Summary:
With minimal supervision, maintain security of networks and systems through different technology measures. Engage in current and future security planning and efforts.
Essential Functions
Mitigate security issues/risks related to the security of the network and systems
Develop processes and procedures for implementation throughout the organization to create the most technologically secure environment and minimize occurrence of security risks
Create definitions surrounding security at Client, including but not limited to access privileges
Contribute to information security design and planning, accounting for current and proposed legislation, industry standards, and other foreseeable factors
Install, design, and implement technology for security preservation
Monitor, analyze/evaluate security and provide recommendations/solutions as applicable
Recognize issues for network or systems to ultimately facilitate quickest, most efficient resolution and generate incident report(s)
Install, implement and possibly create technology for security of systems, networks, and/or data
Determine weaknesses within the security of the organization to thwart any security breaches through the use of different techniques including but not limited to: audits, hacking, trend evaluation, and other knowledge
Coordinate and respond to client security audit requests and validate the organization's compliance with client requirements
Coordinate activities and respond to internal and external audit requests
Be technical security leader, and provide guidance for security preservation for technology projects or solutions throughout GTS
Remain current on new technologies, specifically seek out security technologies; introduce applicable technology in alignment with VSP goals and for creative solutions and to increase security effectiveness and/or mitigate risk
Guide change with a focus on optimal outcomes
Job Specifications
Typically has the following skills or abilities:
Bachelor's degree in Computer Science, Business or equivalent related field, or equivalent experience
Minimum of five years of information security experience, prefer experience in applications and infrastructure security
Prefer CISSP, CISM or equivalent SANS GIAC certifications
Demonstrated experience applying knowledge of infrastructure and application security, including conceptual and working knowledge
Current knowledge of regulatory and statutory compliance requirements as applicable
Experience or ability to maintain documentation (possibly including one or more of the following: processes, diagrams, standards, and/or manuals for use throughout organization)
Demonstrated ability to master the concepts and skills needed
Excellent analytical and problem-solving skills for moderate problems
Excellent organization and time management skills
Meet/exceed organization's best practices, expectations, and standards
Demonstrated ability to identify and mitigate risk(s)
Excellent written and verbal communication skills
Demonstrated ability to guide others in regards to team self-management
Ability to regularly exercise discretion and independent judgment in the performance of his/her job duties
PURPOSE OF THE JOB:
Conduct Security Risk Assessments as assigned to the team. Request and analyze the documentation needed to perform the assessment, and conduct the interviews needed to collect and review relevant materials and produce the assessment results. Clearly and concisely document and communicate risk assessment results to the requestor, security architects and management, as appropriate. Conduct and formulate appropriate risk scoring as it relates to threat, vulnerability, likelihood, impact, security controls/countermeasures, etc. Understand and contribute to the inventory of risk register tracking, scoring and associated risk statements. Perform follow-up activities related to exceptions, risk acceptance, corrective action plans and additional mitigation activities. Must thoroughly understand and be able to communicate risk treatment methodology: risk avoidance, risk acceptance, risk transference and risk mitigation. Partner with multiple projects and initiatives to apply security architecture requirements, develop architecture solutions, integrate security into solution designs, assess risks of security gaps, and develop architecture remediation. Assist IT teams in developing and maintaining appropriate procedural documentation that meets relevant compliance standards, such as HIPAA, ISO 27001 and NIST 800-53. Assure compliance with required standards, procedures, guidelines and processes.
Ideal Candidate Will Have –
• 3+ years of risk management and/or internal controls
• Big 4, Consulting or IT internal audit experience
• CISA, CIA or CISSP certification.