| Information Security Architect or Analyst Frankfort, KY (Remote with Occasional travel) || W2 Requirement at Frankfort, New York, USA |
| Email: [email protected] |
| From: Rama Koti, Rey Infotech [email protected] Reply to: [email protected] Information Security Architect/Analyst Frankfort, KY (Remote with Occasional travel) W2 position Must have CISP certification. Job Description: Security Program Development: o Analyze the current state of the Division's security program and design future states, creating a roadmap for implementation. o Develop a business case and key performance indicators (KPIs) and socialize the security program within the Division. Security Policy Management: o Assess, manage, and improve security policies and procedures to align with industry best practices and organizational objectives. o Advise on security decisions and direction based on the Division's vision and mission. Collaboration and Strategy Development: o Collaborate with other Division Architects and the Security Operations Manager to develop global security strategies based on industry best practices. o Advise on security decisions and direction based on a deep understanding of the Division's vision and mission. Security Architecture Development: o Develop and maintain a security architecture process aligned with business and technology drivers. o Create security strategy plans and roadmaps based on enterprise architecture practices. Security Standards and Procedures: o Draft security procedures and standards for executive management approval or authorization by the Cabinet CISO. o Determine baseline security configuration standards for operating systems, network segmentation, and identity and access management. Risk Assessment and Response: o Perform risk assessments, advise on risk response strategies, and identify security issues from system integration. o Conduct or facilitate threat modeling of services and applications to mitigate associated risks. Collaboration and Coordination: o Coordinate with DevOps teams to advocate secure coding practices and escalate concerns about poor coding practices. o Liaise with privacy and compliance officers to document data flows of sensitive information and recommend appropriate controls. Security Operations Support: o Support internal security controls testing and validation as directed by the CISO or internal audit team. o Review security technologies, tools, and services and recommend their use based on security metrics. Security Infrastructure Implementation: o Evaluate, select, and implement security technologies, tools, and solutions to enhance the organization's security posture. o Configure and deploy security infrastructure components such as firewalls, intrusion detection/prevention systems, endpoint protection, encryption, and authentication mechanisms. Incident Response and Forensics: o Develop incident response plans and procedures to mitigate security incidents effectively. o Conduct post-incident analysis and forensic investigations to identify root causes and prevent future occurrences. Security Awareness and Training: o Develop and deliver security awareness training programs to educate employees on security risks and best practices. o Provide ongoing support and guidance to staff regarding security-related inquiries and concerns. Preferred Education & Experience: Bachelor's degree in computer science, Information Security, or related field; advanced degree preferred. Proven experience (5+ years) in information security architecture, design, and implementation. Candidates with one or more of the following certifications are a plus: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), or other relevant certifications preferred. This is a partial listing of the necessary knowledge, skills, and abilities to perform the job successfully. It is not an exhaustive list. Ability to set the tone for the organization and motivate management and team. Understanding information security regulations, including the Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), ISO 27001, COBIT NIST, and ITIL. Maintaining security, assessing and evaluating security, and doing security incident forensic work. Knowledge of vendors and their products, including: Experience with Government agencies, particularly the Department of Defense (DoD), on information security matters. Experience with Government Classified systems and the associated security requirements. Updates job knowledge by tracking and understanding emerging security practices and standards, participating in educational opportunities, reading professional publications, maintaining personal networks, and participating in professional organizations. Proficiency in Microsoft Office Suite (Word, Excel, Outlook, etc.) Innovative and creative mindset Basic network security knowledge (general principles) Excellent documentation and communication skills. Ability to organize tasks into milestones and successfully execute to project completion. Can work independently with little direct supervision. General cyber-security understanding Rama Koti Sr. US IT Recruiter E: [email protected] Keywords: information technology wtwo Kentucky |
| [email protected] View all |
| Tue Mar 19 21:13:00 UTC 2024 |