Job Description

Information Security Specialist
Rancho Cordova, California
12 months Contract

Job description:

General Summary:

With minimal supervision, maintain security of networks and systems through different technology measures. Engage in current and future security planning and efforts.

Essential Functions

Mitigate security issues/risks related to the security of the network and systems

Develop processes and procedures for implementation throughout the organization to create the most technologically secure environment and minimize occurrence of security risks

Create definitions surrounding security at Client, including but not limited to access privileges

Contribute to information security design and planning, accounting for current and proposed legislation, industry standards, and other foreseeable factors

Install, design, and implement technology for security preservation

Monitor, analyze/evaluate security and provide recommendations/solutions as applicable

Recognize issues for network or systems to ultimately facilitate quickest, most efficient resolution and generate incidence report(s)Install, implement and possibly create technology for security of systems, networks, and/or data

Determine weaknesses within the security of the organization to thwart any security breaches through the use of different techniques including but not limited to: audits, hacking, trend evaluation, and other knowledge

Coordinate and respond to client security audit requests and validate the organizations compliance to client requirements

Coordinate activities and respond to internal and external audit requests

Be technical security leader, and provide guidance for security preservation for technology projects or solutions throughout GTS

Remain current on new technologies, specifically seek out security technologies; introduce applicable technology in alignment with VSP goals and for creative solutions and to increase security effectiveness and/or mitigate risk

Guide change with a focus on optimal outcomes

Job Specifications

Typically has the following skills or abilities:

Bachelors degree in Computer Science, Business or equivalent related field, or equivalent experience

Minimum of five years of information security experience, prefer experience in applications and infrastructure security

Prefer CISSP, CISM or equivalent SANS GIAC certifications

Demonstrated experience applying knowledge of infrastructure, and application security, including conceptual and working knowledge

Current knowledge of regulatory and statutory compliance requirements as applicable

Experience or ability to maintain documentation (possibly including one or more of the following: processes, diagrams, standards, and/or manuals for use throughout organization)Demonstrated ability to master the concepts and skills neededExcellent analytical and problem - solving skills for moderate problems

Excellent organization and time management skills

Meet/exceed organizations best practices, expectations, and standards

Demonstrated ability to identify and mitigate risk(s)Excellent written and verbal communication skills

Demonstrated ability to guide others in regards to team self-management

Ability to regularly exercises discretion and independent judgment in the performance of his/her job duties

PURPOSE OF THE JOB:

Conduct Security Risk Assessments as assigned to the team. Request and analyze documentation necessary to perform appropriate assessment and conduct necessary interviews in order to collect and review relevant materials necessary to produce results of the assessment. Clearly and concisely document and communicate risk assessment results with requestor, security architects and management, as appropriate. Conduct and formulate appropriate risk scoring, as it relates to threat, vulnerability, likelihood, impact, security controls/countermeasures, etc. Understand and contribute to inventory of risk register tracking, scoring and associated risk statements. Perform follow up activities related to exceptions, risk acceptance, corrective action plans and additional mitigation activities. Thorough understanding and must be able to communicate risk treatment methodology; risk avoidance, risk acceptance, risk transference and risk mitigation. Partner with multiple projects and initiatives to apply security architecture requirements, develop architecture solutions, integrate security into solution designs, access risks of security gaps, and develop architecture remediation. Assist IT teams in developing and maintaining appropriate procedural documentation which meets relevant compliance standards, such as HIPAA, ISO 27001 and NIST 800-53. Assure compliance to required standards, procedures, guidelines and processes.

Ideal Candidate Will Have –

• 3+ years of risk management and/or internal controls

• Big 4, Consulting or IT internal audit experience

• CISA, CIA or CISSP certification.