Great Career Opportunity :: State of California - State Controller's Office (SCO) - IT Assessment Consultant - Hybrid role. at West Sacramento, California, USA
Email: [email protected]
Hello Professional,

Greetings. Trust this message finds you in good health. Based on your impressive skills and experience, I believe you would be an excellent fit for a pivotal role at Flairsoft. I would appreciate the opportunity to speak with you briefly, to learn more about your professional aspirations and discuss our vacancy in greater detail. Please let me know your availability for a brief call. Thank you!

Position: IT Assessment Consultant
Location: West Sacramento, CA (Position is mostly remote but candidates must be a resident of California)
Client: State of California
Agency: State Controller's Office (SCO)
Interview Type: Video

Description:
The Contractor shall provide continuous information technology (IT) assessment services on the State Controller's Office (SCO) systems, applications, and network. IT Assessment services shall also include consulting services, as the Contractor shall work directly with SCO in determining remediation and follow-up IT assessments. All services provided shall ensure SCO is compliant with SCO's Security Compliance Standard as determined by SCO Security Standard Assessments. Services will be completed both remotely and onsite. Onsite services shall be performed at an SCO facility to be determined. All remote services must be performed within California.

IT Assessment Requirements
The Contractor shall provide IT assessment services under the following category:

SCO Security Standard Assessments: This assessment involves evaluating SCO's security controls against what has been defined as the combination of the SCO Minimum Compliance Criteria (MCC) and Discretionary Security Requirements (DSR), along with a list of established industry frameworks. This process ensures that SCO meets the minimum security standards, while also allowing for customized enhancements based on specific needs and risk profiles.

Minimum Compliance Criteria (MCC): The absolute minimum requirements that SCO must address to comply with applicable laws, regulations and agreements. Shall include all successor publications.
- Information Practices Act of 1977 (IPA).
- California Assembly Bill 2135 Information Security 2021/2022.
- National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 - Security and Privacy Controls for Information Systems and Organizations, Moderate Baseline, Version 5.0.
- Federal Information Processing Standards (FIPS) 199 for Security Categorization of Federal Information and Information Systems.
- FIPS 200 Minimum Security Requirements for Federal Information and Information Systems.
- Health Insurance Portability and Accountability Act (HIPAA).
- Health Information Technology for Economic and Clinical Health Act (HITECH) 2009.

Discretionary Security Requirements (DSR): These requirements are tied to SCO's risk appetite. They are above and beyond MCC, where SCO has identified additional cybersecurity and data protection controls to address voluntary industry practices or internal requirements. DSR shall include the following successor publications:
- Statewide Information Management Manual (SIMM) 5300 3/2022.
- State Administrative Manual (SAM) 5300 12/2013.
- Cybersecurity Maturity Model Certification (CMMC) 2.0.
- Capability Maturity Model Integration (CMMI) 2.0.
- Federal Information Security Modernization Act of 2014 (FISMA) FY22.

Frameworks: Frameworks play a vital role in security control assessments by providing a structured approach and guidelines for assessing the effectiveness of security controls. These frameworks outline best practices, methodologies, and assessment criteria that help ensure comprehensive and consistent security control assessment. They provide a clear roadmap for evaluating SCO's security controls against the MCC, DSRs, and other relevant benchmarks, facilitating a comprehensive and systematic assessment. Shall include all successor publications. The following frameworks shall apply to security assessment:
- NIST Privacy Framework 1.0.
- NIST SP 800-37 - Guide for Applying the Risk Management Framework (RMF) to Federal Information Systems rev2 2.0.
- NIST SP 800-39 - Managing Information Security Risk.
- NIST SP 800-63-3 - Digital Identity Guidelines 6/2017.
- NIST SP 800-63A - Enrollment and Identity Proofing 6/2017.
- NIST SP 800-63B - Authentication and Lifecycle Management 6/2017.
- NIST SP 800-63C - Federation and Assertions 6/2017.
- NIST SP 800-160 Vol. 2 Rev. 1 - Developing Cyber-Resilient Systems: A Systems Security Engineering Approach.
- NIST SP 800-171 - Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations 2.0.
- NIST SP 800-218 - Secure Software Development Framework (SSDF) 1.1.
- Cybersecurity Framework (CSF) 1.1.
- Open Worldwide Application Security Project (OWASP) Top Ten 2021.
- Center for Internet Security (CIS) Critical Security Controls (CIS Controls) v8.
- MITRE ATT&CK.

Components
SCO shall provide a detailed list(s) to the Contractor upon execution of the Agreement that includes the following components:
- Systems to be included in assessment (e.g. servers, workstations, laptops, and mobile devices, including both internal and external systems, as well as any cloud-based systems).
- Applications to be included in assessment (e.g. web applications, mobile applications, and desktop applications, including both custom applications developed by SCO and third-party applications that SCO uses).
- Network components to be included in assessment (e.g. routers, switches, firewalls, and other network devices, including both internal and external network components, as well as any cloud-based network components that SCO uses).

Kind Regards,
Shikhar Sharma
Technical Recruiter
Flairsoft Limited
Desk: 6148880700 Ext: 257
linkedin.com/in/shikhar-sharma-08a8a9237/
CMMi and ISO 9001 Certified

Keywords: information technology California
Fri Feb 09 19:27:00 UTC 2024