IT Security Specialist

IT security, FISMA, NIST, Risk, HIPPA, CISM, CISSP, CRISC
Contract W2, Contract Independent, Contract Corp-To-Corp, 14 Months
Depends on Experience
Work from home available Travel not required

Job Description

Typical Tasks:

  • Develops, implements, and maintains the client wide security standards, guidelines, policies, and procedures based on best practices and compliance requirements; recommends security enhancements;
  • Ensures ongoing security compliance and prevents the unauthorized use, release, modification, or destruction of data;
  • Oversees the development of risk programs to achieve required risk tolerance levels; assists departments to establish appropriate risk levels;
  • Designs secure business processes in conjunction with the client departments, based upon defined risk tolerance levels;
  • Works with the security engineers to schedule testing of systems (scans, system test and evaluation) and examines active monitoring to ensure controls are in place and are effective;
  • Evaluates security incidents, develops solutions, and communicates results to technical staff and management;
  • Collaborates with the department IT managers outside of the Technology Services and Solutions to ensure information security and privacy risks are identified, documented and addressed in a timely manner; tracks corrective action plans;
  • Provides consulting, training, and security awareness services to other departments to effectively interact with the client Information Security and leverage centralized control capabilities within their operating environment;
  • Conducts information security risk assessments within the Technology Services and Solutions and on an enterprise-wide basis;
  • Conducts periodic departmental security audits; identifies noncompliance and recommends corrective actions to comply with Federal regulations and client policy;
  • Advises management of risks and best security practices; prepares status reports for managers regarding compliance issues and provides regulatory updates;
  • Enforces information security standards, guidelines, policies, and procedures;
  • Leads key cross-functional efforts to assess and improve the control environment or ensure regulatory compliance;
  • Leads key cross-functional efforts to assess and improve the control environment or ensure regulatory compliance;
  • Assesses the impact of external actions on computer systems and networks and determines whether the client has been subjected to a system failure, a computer related crime, or potentially hostile information warfare;
  • Conducts security research to stay abreast of security issues and industry trends;

 

Training and Experience:

  • Sufficient education, training, and experience to demonstrate the ability to perform the above tasks and the attainment of the knowledge and abilities listed below.
  • Five (5) years of increasingly responsible experience in the information security technology field. Experience with project management; direct audit activities; information assurance; risk management; or in a compliance environment, with emphasis in IT or Healthcare, is desirable

 

Certifications:

  • Certification in audit and/or risk management such as Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), and/or Certified Information Systems Security Professional (CISSP) preferred.

 

Knowledge of:

  • IT security principles, practices, terminology and trends;
  • Risk and threat assessment process and practices;
  • Information security risks, controls, regulatory guidelines, and industry standards related to information security;
  • Industry best practices in risk identification, mitigation, and control assessments;
  • Laws and regulations outlined in the Federal Information Security Management Act (FISMA) framework;
  • Federal Risk and Authorization Program (FedRAMP);
  • National Institute of Standards and Technology (NIST) Risk Management Framework.

 

Ability to:

  • Conduct information security risk assessments and security audits on an enterprise-wide basis;
  • Conduct independent systems analysis of complex business processes;
  • Test and monitor security controls;
  • Identify noncompliance and recommend corrective action; lead or work collaboratively with the client staff on issues of compliance and risk management;
  • Enforce information security standards, guidelines, policies, and procedures;
  • Define and discern key aspects of a problem and develop an integrated solution within a broad technical and business context;
  • Develop, maintain, and recommend enhancements to risk programs, standards, guidelines, policies, and procedures;
  • Communicate risk status to various levels of management;
  • Identify, gather, and analyze key risk data and propose remediation actions when necessary;
  • Lead multi-department risk assessment projects requiring coordination with numerous stakeholders and oversight bodies; plan and manage projects;
  • Prepare a variety of reports;
  • Learn Health Insurance Portability and Accountability Act (HIPPA) Security and privacy rules and requirements for Payment Card Industry compliance;
Dice Id : lodpa001
Position Id : 799670
Originally Posted : 6 years ago
Have a Job? Post it