Risk Manager Cloud Security

Overview

On Site
Compensation information provided in the description
Full Time

Skills

Cloud Security
Cyber Security
Microsoft Office
Security Controls
Roadmaps
Kubernetes
Active Directory
API Management
Supervision
Data Security
IT Management
Privacy
Process Improvement
Presentations
Technical Support
Training
Information Security Governance
Auditing
Regulatory Compliance
Security Architecture
Service Management
Quality Assurance
Incident Management
Systems Engineering
Budget
Security Awareness
Analytical Skill
Strategic Thinking
Facilitation
Articulate
Relationship Management
Multitasking
Computer Science
Mathematics
Threat Modeling
Authentication
SSO
LDAP
Authorization
PKI
SSL
Kerberos
Cryptography
Algorithms
Identity Management
Web Services
SAML
SOA
Information Security
Vulnerability Management
Software Security
Hardening
Linux
Web Servers
Microsoft IIS
Apache Tomcat
Servers
Database
Oracle
SQL
Microsoft Windows
IOS Development
BlackBerry
ArcSight
Web Applications
Firewall
OWASP
SANS
ISO/IEC 27001:2005
Management
Reporting
NIST SP 800 Series
ISO 9000
Octave
COBIT
Software Development Methodology
Project Lifecycle Management
ITIL
Project Management
Network
Operating Systems
Mobile Devices
Microsoft SharePoint
.NET
GPEN
CISM
Risk Management
Risk Assessment
Risk Analysis
CISSP
IT Security
Procurement
Legal
Microsoft
Cloud Computing
Microsoft Azure
EMC RSA Archer
ServiceNow
Collaboration
Taxes
Life Insurance
Business Transformation
Law

Job Details

Remote work-Must go Onsite 1 time per quarter for 3 days in DC
Top Skills' Details
It is mandatory that the candidate has:
a) Technical security working experience with a broad range of Azure services.
b) Microsoft Certified: Cybersecurity Architect Expert.
c) Advanced working knowledge of:
- Azure Cloud and Microsoft 365 security controls, solutions, and future roadmaps.
- Azure Key Vault, Azure Kubernetes Service, Azure Active Directory, Defender for Cloud, Azure Monitor, Azure API Management, Application Gateway.
Additional certification with other Azure security areas is a plus.
Description
Under the general supervision of the Section Chief (Governance, Risk, Compliance & Data Security), the Senior Information Risk Consultant will provide information risk management and IT security expertise. The expertise will take the form of risk analysis, consultancy, policy, standards and best practice guidance, and process improvements. The candidate will be required to work with project teams, service providers, and business units internal and external to the Fund's IT function. The candidate is expected to bring pragmatic risk management experience allowing for the Fund to meet its present and emergent business needs but in compliance with the Fund's security policies and standards and within risk appetite. The candidate is expected to advise and influence technology and business personnel regarding the value and methods of safeguarding information, applications, systems, infrastructure, and activities to help ensure that technologies function optimally; work practices are optimized so that the information risks are managed.
Specific responsibilities include:
Delivers information security risk assessments (Certification and Accreditation) of projects, new technologies, external service providers, and IT changes. Guides staff and managers on the appropriate risk mitigation strategies.
Effectively communicates requirements and trains staff and managers in IT divisions to identify and manage risks throughout the project lifecycle.
Communicates and reports on risk metrics to IT management and governance groups.
Maintains impartiality around IT systems to produce unbiased reports on information security risk.
Conducts quality assurance reviews of security requirements and audit recommendations for the implementation of identified solutions.
Manages the engagement process of external risk assessment providers and acts as a liaison with internal IT project teams and business units.
Supports the Fund's ISO 27001 certification by promoting self-compliance to policies and standards by IT staff and managers. Keeps abreast of international information security codes of practice such as ISO 27001/27002, information security and privacy regulations and how these measures could affect information assets owned by, or administered on behalf of, the IMF.
Assists with the development of the Fund's enterprise security architecture standards at the business, information, infrastructure, and application level. Provides subject matter expertise on enterprise security architecture and influences selection of tools and technologies to support the Fund's security architecture standards.
As an advocate of information security, works closely and proactively with IT project team leaders, service providers, and business units to provide security-related technical solutions. Identifies opportunities to improve business practices or IT security-related processes.
Analyzes, recommends and implements process improvements within the context of information security.
Works closely with IT project teams to develop implementation plans for new security-related products and services.
Coordinates the preparation and presentation of user technical support and training materials to ensure the efficient, effective and secure use of information and communications technology.
Coordinates and supports the work of security governance.
Prioritizes, monitors, and assesses compliance and audit recommendation results to ensure they are comprehensive, robust, and of high quality.
Experience should include:
Having worked in, or having experience of, Information Risk Management at organizations with regulatory compliance requirements
Implementation of Vendor Risk Assessment frameworks
Demonstrated IT Security expertise in infrastructure areas, network, applications, and database system technologies including endpoints
Assisted and taken part in delivering Enterprise Security Architecture principles, service management concepts and experience with use of quality assurance tools and techniques
Delivered improvements in Application Security processes, and vulnerability minimization techniques
General infrastructure Vulnerability Management
Incident response process
Application of project management and systems development methodologies, and managing IT administrative and capital development project budgets
Delivery of Security awareness initiatives
Knowledge of administrative rules and regulations, processes, and technology capabilities
Skills:
Familiarity with a broad range of technologies supplemented by in-depth knowledge in specific areas of relevance
Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals
Analytical skills that enable synthesis of inputs from many sources, and allow for strategic thinking and tactical implementation
Interpersonal skills that create openness and trust among colleagues
Facilitation and conflict management skills that enable effective working relationships
Spoken and written communications that are compelling, convincing and reassuring, and skills to articulate complex technical ideas to non-technical stakeholders
Pragmatic security expert with an inherent ability to balance security demands with business reality
Excellent relationship management skills
Ability to multi-task
Ability to think laterally and to have input to / propose detailed, complex solutions to technical issues
Education:
Advanced degree in Information Security and minimum 5 years' experience in regulated industries working as an information risk manager or as an IT security architect; or
Bachelor's degree in Information Security and minimum 10 years' experience in regulated industries working as an information risk manager or IT security architect; or
Advanced university degree in computer science, engineering, mathematics, business or related field of study plus a minimum of 12 years of relevant experience in regulated industries working as an information risk manager or IT security architect.
Assisting in the delivery of an IT Security Strategy and Architecture
Delivery of Information Security Risk and architecture assessments including consulting on threat modeling, appropriate tiering of N tier applications, placement, and infrastructure controls to protect application components. Able to consult and review the implementation of authentication (SSO, LDAP, AD), authorization (fine grained and coarse grained), and cryptography (PKI, SSL, Kerberos, crypto algorithms) mechanisms within applications.
Experience with Identity and Access management suite integration, Web services (SAML, WS-Federation and WS-Security), and SOA security.
Defining the policies, standards, and guidelines for Information Security activities including Application and Infrastructure Security Vulnerability management and ensuring Application Security is integrated into SDLC
Ability to consult and deliver standards and guidelines on the hardening of application and infrastructure components, tools and techniques to ensure the security of application and infrastructure components such as Linux/Windows servers, Web servers (IIS, Apache, Tomcat), app servers, Databases (Oracle and MS SQL), endpoints (Mac, Windows, Apple iOS, BlackBerry etc.), ArcSight, and Web Application Firewalls.
Manage and review the output of Application and Infrastructure Security assessments conducted by external security services firms. Defining process and procedures for using External security service providers including scoping, management of services, remediation tracking, and exception management
Knowledge of OWASP, WASC, SANS, CVE, and CVSS (Threat & Vulnerability classification).
General Security:
ISO 27001: knowledge, implementation, and management
Risk management concepts and principles - including assessment, prioritization, delivery of treatment plans, tracking, reporting, and metrics (accreditation and certification). Experience with NIST-SP800-30, ISO/IEC 27005, OCTAVE, COSO, COBIT.
Embedding security into processes such as SDLC, Project Lifecycle, ITIL, etc.
Basic project management and consultancy skills
Infrastructure security (perimeter, network, application, operating system, mobile device)
Knowledge of security solutions, latest threats, and countermeasures
SharePoint
Knowledge of information risk/security frameworks
Certifications: (Minimum + at least 2 preferred)
CISSP (minimum)
GIAC, GSSP-NET, GWAPT, GPEN (preferred)
CISM (preferred)
Skills
Risk management, Risk assessment, Risk analysis, Security, Cloud, AZURE, CISSP
Top Skills Details
Risk management, Risk assessment, Risk analysis, Security, Cloud, AZURE, CISSP
This position is for a Risk Manager (Senior level) - ***
Identify Security Risk
Risk Mgmt and Certifications
- When IMF moves an application into Production, this position is Reviewing and Certifying
Working with all pieces of the organization (Business, IT, Security, Legal, procurement, etc.)
3 Parts to the role
- 1 Assessments - When a business owner wants to add a new App or Tool they work with Risk Manager to make sure legal and procurement are good
- 2 Design Solutions - What Security has to be baked into solutions, ensure Security risks are Verified. (Bubble up Risk) (again work with Business, IT, Legal, etc.)
- 3 Certifications - ensure that current applications are updated periodically
IMF is a Microsoft shop
- Azure Experience - Configure Azure Cloud Services NOT as user but Security Configurations
- understand Azure and how it may affect application
- Azure Hands on knowledge, did some implementations, possibly even a product owner
NTH - ServiceNow or Archer experience (looking to implement ServiceNow so experience would be nice)
Candidate with Certifications would be good
Understand how Technical controls and process work together 360 degree view
Pay and Benefits
The pay range for this position is $85.00 - $95.00/hr.
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:
Medical, dental & vision
Critical Illness, Accident, and Hospital
401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available
Life Insurance (Voluntary Life & AD&D for the employee and dependents)
Short and long-term disability
Health Spending Account (HSA)
Transportation benefits
Employee Assistance Program
Time Off/Leave (PTO, Vacation or Sick Leave)
Workplace Type
This is a hybrid position in Washington, D.C.
Application Deadline
This position is anticipated to close on Jun 23, 2025.

About TEKsystems and TEKsystems Global Services

We're a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We're a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We're strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We're building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
