Job Description
Position Title: IT Security Specialist
Contract Term: Up to 6 months

Under direction, to oversee and coordinate the assessment of information technology (IT) systems and applications; to evaluate the effectiveness of information security measures, Countywide; to develop and maintain information security standards, guidelines, practices, policies, and procedures; to ensure compliance with information security strategies and programs; and to provide training, awareness, and assistance to IT staff responsible for information security risk compliance and monitoring.

Typical Tasks:
• Develops, implements, and maintains corporate-wide security standards, guidelines, policies, and procedures based on best practices and compliance requirements; recommends security enhancements;
• Ensures ongoing security compliance and prevents the unauthorized use, release, modification, or destruction of data;
• Oversees the development of risk programs to achieve required risk tolerance levels; assists departments to establish appropriate risk levels;
• Designs secure business processes in conjunction with corporate departments, based upon defined risk tolerance levels;
• Works with the security engineers to schedule testing of systems (scans, system test and evaluation) and examines active monitoring to ensure controls are in place and are effective;
• Evaluates security incidents, develops solutions, and communicates results to technical staff and management;
• Collaborates with the department IT managers outside of Technology Services and Solutions to ensure information security and privacy risks are identified, documented, and addressed in a timely manner; tracks corrective action plans;
• Provides consulting, training, and security awareness services to other departments so that they can effectively interact with Corporate Information Security and leverage centralized control capabilities within their operating environment;
• Conducts information security risk assessments within Technology Services and Solutions and on an enterprise-wide basis;
• Conducts periodic departmental security audits; identifies noncompliance and recommends corrective actions to comply with Federal regulations and corporate policy;
• Advises management of risks and best security practices; prepares status reports for managers regarding compliance issues and provides regulatory updates;
• Enforces information security standards, guidelines, policies, and procedures;
• Leads key cross-functional efforts to assess and improve the control environment or ensure regulatory compliance;
• Assesses the impact of external actions on computer systems and networks and determines whether the Corporation has been subjected to a system failure, a computer-related crime, or potentially hostile information warfare;
• Conducts security research to stay abreast of security issues and industry trends.

Training and Experience:
Sufficient education, training, and experience to demonstrate the possession and direct application of the following knowledge and abilities.
• Sufficient education, training, and experience to demonstrate the ability to perform the above tasks and the attainment of the knowledge and abilities listed below.
• Five (5) years of increasingly responsible experience in the information security technology field. Experience with project management, direct audit activities, information assurance, risk management, or work in a compliance environment, with emphasis in IT or Healthcare, is desirable.

Certifications:
• Certification in audit and/or risk management such as Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), and/or Certified Information Systems Security Professional (CISSP) preferred.

Knowledge of:
• IT security principles, practices, terminology, and trends;
• Risk and threat assessment processes and practices;
• Information security risks, controls, regulatory guidelines, and industry standards related to information security;
• Industry best practices in risk identification, mitigation, and control assessments;
• Laws and regulations outlined in the Federal Information Security Management Act (FISMA) framework;
• Federal Risk and Authorization Management Program (FedRAMP);
• National Institute of Standards and Technology (NIST) Risk Management Framework.

Ability to:
• Conduct information security risk assessments and security audits on an enterprise-wide basis;
• Conduct independent systems analysis of complex business processes;
• Test and monitor security controls;
• Identify noncompliance and recommend corrective action; lead or work collaboratively with corporate staff on issues of compliance and risk management;
• Enforce information security standards, guidelines, policies, and procedures;
• Define and discern key aspects of a problem and develop an integrated solution within a broad technical and business context;
• Develop, maintain, and recommend enhancements to risk programs, standards, guidelines, policies, and procedures;
• Communicate risk status to various levels of management;
• Identify, gather, and analyze key risk data and propose remediation actions when necessary;
• Lead multi-department risk assessment projects requiring coordination with numerous stakeholders and oversight bodies; plan and manage projects;
• Prepare a variety of reports;
• Learn Health Insurance Portability and Accountability Act (HIPAA) security and privacy rules and the requirements for Payment Card Industry compliance.

On-Site Requirements: On-call help may be required.
Company Description
We are a recruiting/staffing firm that has been in business for over 25 years. We have offices in Southern and Northern California, but we support clients across the country.