Job Description
• Develop and maintain security documents such as business impact analysis, data classification, security architecture and security plan, disaster recovery, risk assessment, and corrective actions.
• Ensure applications and infrastructure meet the CIS Benchmark Hardening Guidelines.
• Ensure cloud-hosted systems meet the security requirements, including SOC 2 reports and assessments provided by third parties.
• Develop executive dashboards and security metrics.
• Other duties as assigned by Information Security Officer.
REQUIRED SKILLS:
• BS or BA degree in Computer Science or a related technical discipline, with five (5) or more years of relevant experience or training. – REQUIRED 5 YEARS.
• Considerable experience and knowledge in IT security governance/compliance and risk management. – REQUIRED 5 YEARS.
• Familiarity with the Commonwealth's Security policies, National Institute of Standards and Technology (NIST 800-53), ISO 27001, COBIT, NICE, ITIL. – REQUIRED 5 YEARS.
• Knowledge of security controls, system audits, incident response and mitigation, risk assessments, vulnerability scanning, or pen tests. – REQUIRED 5 YEARS.
• Certified Information Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor, CRISC. – REQUIRED 5 YEARS.
• Considerable experience with the NIST Risk Management Framework (NIST 800-37). – DESIRED 5 YEARS.
Additional Information
All your information will be kept confidential according to EEO guidelines.