About UVS Infotech:
UVS Infotech is a Laurel, Maryland-based IT System Integrator with expertise in Emerging Technologies: Artificial Intelligence, Machine Learning, Robotic Process Automation, Blockchain, Identity & Access Management, Identity Proofing.
Position Description:
We are seeking an experienced IT Security Subject Matter Expert / Technical Specialist to join Suffolk County's IT organization on-site for a three-month engagement. This is a senior-level technical role within the Public Sector (County Government) domain, reporting to the IT Manager. The specialist will drive strategic improvements in cybersecurity posture, ensure policy compliance, and implement Governance, Risk, and Compliance (GRC) tooling, helping to mature the County's overall security program.
Role and Responsibilities:
- Assess the current cybersecurity posture and recommend enhancements across networks, systems, and applications.
- Develop and maintain security policies, standards, and procedures to align with industry best practices (e.g., NIST, CIS).
- Augment existing IT staff by providing expert guidance on policy interpretation, threat modeling, and secure architecture.
- Evolve the County's cybersecurity program roadmap, prioritizing initiatives based on risk and business impact.
- Lead risk-based compliance efforts, conducting audits and coordinating remediation activities.
- Automate policy enforcement through scripting or configuration of security tools, reducing manual workload.
- Implement and configure GRC solutions to centralize risk tracking, control testing, and reporting.
- Collaborate with cross-functional teams including network, application, and operations staff to integrate security controls into daily workflows.
Required Skills:
- Security Frameworks & Standards: Deep knowledge of NIST SP 800-53/800-171, CIS Controls, and ISO 27001.
- GRC Tools: Hands-on experience implementing or administering tools such as Archer, RSA Encompass, ServiceNow GRC, or similar.
- Technical Expertise: Proficiency with network and data center technologies (firewalls, IDS/IPS, VPNs, SIEM).
- Automation & Scripting: Ability to create scripts (PowerShell, Python, Bash) to enforce policies or orchestrate security tasks.
- Certifications: CISSP, CISM, or equivalent vendor certifications (e.g., CCNP Security, GIAC).
- Communication: Strong written and verbal communication skills for policy documentation and stakeholder briefings.
- Analytical Thinking: Aptitude for risk assessment, vulnerability analysis, and translating findings into actionable plans.
Education and Experience:
- Bachelor's Degree in Computer Science, Information Security, or a related field (or equivalent experience).
- Minimum of 10 years of enterprise-level IT security experience, including design and implementation of security or data center technologies.
- Certifications (Mandatory): CISSP or CISM.
- Certifications (Preferred): GIAC GSECIH, CCNP Security, or vendor-specific credentials in Palo Alto, Fortinet, or Splunk.
- Prior work within local or federal government environments is highly desirable.
- Demonstrated track record of delivering GRC tool implementations and maturing cybersecurity programs in complex, regulated settings.