Security Analyst - Consultant (CISA, CISSP, ISACA, ISC2 or SANS GIAC)
Location: Columbia, SC, USA
$80 per hour
We are a Denver-based IT consulting company working directly with many state and federal clients in the United States of America. We currently have an opening for a “Security Analyst - Consultant” with our client, “State of SC (Department of Employment and Workforce)”, in “Columbia, SC”. If you are interested, please email me your updated resume in Word format, availability, contact details, citizenship status, and hourly rate ASAP, as per the hiring policy of our client.
Position: Security Analyst - Consultant (CISA, CISSP, ISACA, ISC2 or SANS GIAC)
Position Id: 7870-1
Duration: 9+ Year
Location: Columbia, SC
Client: State of SC (Department of Employment and Workforce)
Pay Rate: C2C: $80/hr or W2: 70/hr (no benefits)
Interview: Either Webcam Interview or Telephonic
General Duties and Responsibilities:
Promote the design, development, implementation and/or ongoing maturation of agency security and compliance efforts.
Audit and assess internal agency systems as well as vendor/service provider information system security controls.
Utilize the Microsoft Office software suite, including Visio, and other tools to document and report on information gathered during audit and assessment activities.
Perform security and compliance reviews of and for contracts, data sharing agreements, and other types of documents and artifacts.
Serve as a point of contact and advisor for third-party audits and/or assessments of agency and business partner systems.
Collaborate with agency leadership, vendors, contractors, and other stakeholders to provide recommendations for security and compliance risk mitigation efforts.
Perform architectural reviews and risk analysis of security-related designs and requests to make sound recommendations related to:
Network Design and Information Flow
System and Data Access Models
Firewall Rule Requests (Ports, Protocols and Services)
Baseline Configurations and Exception Requests
Security Program Experience:
Leadership experience with FISMA/NIST Risk Management Framework (RMF) compliant programs is strongly desired and will be given the highest weight. The ideal candidate will have well-documented success in the development and maintenance of System Security Plans, Privacy Impact Assessments, Computer Matching and Data Sharing Agreements, and related audit and assessment activities to complete and verify these and other RMF-related tasks and artifacts.
Experience with advising on, performing, reviewing, and creating RMF-related tasks and artifacts throughout the System Development Life Cycle (SDLC) is desired.
Experience in information security and compliance activities as related to Cloud services and vendor management is desired.
Hands-on experience with any or all of the following technologies or disciplines would be desirable:
Linux and Windows servers
Network Firewalls, Intrusion Prevention Systems (IPS), switching and routing, infrastructure
Security Information and Event Management (SIEM) solutions
Identity and Access Management (IAM) solutions
Vulnerability scanning and management
Change control/change management
Required Skills (Rank In Order Of Importance):
Strong working knowledge of FISMA, NIST, and general Information Security and Privacy requirements, standards, and guidelines.
5+ years of experience working in the Information Technology field or auditing/assessing Information Technology systems or programs.
ISC2, ISACA, SANS GIAC, or other similar Information Security Certification is required.
Documented experience in the creation and maintenance of Risk Management Framework (RMF) and Assessment and Authorization (A&A) artifacts such as System Security Plans, Privacy Impact Assessments, Interconnection Security Agreements, Computer Matching Agreements, Plans of Action and Milestones, and Corrective Action Plans.
Ability to evaluate, create, and edit information security and privacy policies, procedures, standards, and guidelines.
Ability to work independently and as a member of a team.
Ability to multitask and prioritize tasks effectively in order to meet deadlines.
Ability to engage diverse audiences of varying technical and non-technical skill-levels to ensure effective alignment of technical requirements to business objectives.
Ability to collaborate and coordinate efforts among multiple teams and vendors.
Must have intermediate to advanced skills in Microsoft Office products (Word, Excel, PowerPoint, Visio) to include working with templates and style guidelines for branding consistency and to include creating data flow diagrams, logical and physical diagrams, and process documentation.
Keen attention to detail while maintaining the ability to see and communicate the big picture.
Ability to absorb, retain, communicate, and document complex processes.
Strong English language skills.
Demonstrable understanding of the rules of English grammar and usage.
Ability to accept changes and constructive criticism and to remain flexible in dealing with leadership and teams of varying levels of technical and business knowledge.
Strong organizational skills and ability to manage multiple projects.
Preferred Skills (Rank In Order Of Importance):
Bachelor’s degree in computer science or similar discipline.
Strong working knowledge of IRS Publication 1075 compliance requirements.
Prior experience working with an organization subject to IRS Publication 1075 requirements.
Prior experience working with an organization subject to Social Security Administration data protection requirements and oversight.
Experience with eGRC solutions.
Prior SC state government experience.
CISA, CISSP, or related certifications from certification bodies such as ISACA, ISC2, and SANS GIAC.