Job Description

• Develop and maintain security documents such as business impact analysis, data classification, security architecture and security plan, disaster recovery, risk assessment, and corrective actions.

• Ensure applications and infrastructure meet the CIS Benchmark Hardening Guidelines.

• Ensure cloud-hosted system meets the security requirements to include SOC 2 reports, assessments provided by third parties.

• Develop executive dashboards and security metrics.

• Other duties as assigned by Information Security Officer.

REQUIRED SKILLS:

BS or BA degree in a Computer Science or a related technical discipline, five (5) or more years of relative experience or training. – REQUIRED 5 YEARS.

Considerable experience and knowledge in IT security governance/compliance, risk management. – REQUIRED 5 YEARS.

Familiarity with the Commonwealth's Security policies, National Institute of Standards and Technology (NIST 800-53), ISO 27001, COBIT, NICE, ITIL – REQUIRED 5 YEARS.

Knowledge of security controls, system audits, incident response and mitigation, risk assessments, vulnerability scanning, or pen tests. – REQUIRED 5 YEARS.

Certified Information Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor, CRISC – REQUIRED 5 YEARS.

Considerable experience with the NIST Risk Management Framework NIST 800-37 – DESIRED 5 YEARS.

Additional Information

All your information will be kept confidential according to EEO guidelines.