Enterprise Security Specialist

Company Name:
New Age Software Services
"US Citizenship required due to the nature of the project"
One of my clients in Richmond, VA is looking for an Information Security Specialist for a 6-12+ month project. This candidate will be expected to implement NIST Rev 4 and new functionality to Rsam GRC Tool. Must be able to work onsite in Richmond, VA, Baltimore, MD or Charlotte, NC.
The Enterprise Information Security Specialist I is responsible for supporting the primary areas within the National Information Security Assurance (NISA) function: Provides subject matter expertise and support for the information security policy direction for the company system and the associated automated system (Rsam) that supports the NIST based security framework. Responsible for fielding security practioner questions about the use of the automated system, and its functionality
Additionally, maintains user guides and associated procedure documents for the automated system and the associated operating procedures
Also, will work with security practioners to assess, analyze and interpret enhancement requests; and work with system admins and developers to develop functional requirements/specifications for the automated system in support of the NIST based security framework
Duties may also include working with policy, procedures, standards, risk management and exception processes; supports the enterprise information security performance program to develop and assess composite risk metrics and compliance statistics as a holistic measure of the company's information security posture; and provides analytical support for informed strategic and tactical decision-making on the company's information security program by assessing and communicating enterprise-level information security risk and security program gaps.
Evaluation, enhancement and support of information security strategy, policy, standards, and processes
Intermediate knowledge of IT related industry governance and controls best practices and regulations (e.g., SOX/COSO, COBIT, ITIL)
Experience with Rsam GRC Tool or equivilant. 2.IT System Operations Support preferred
Requires intermediate
knowledge and results in several of the following areas: Evaluation, enhancement and support of information security strategy, policy, standards, and processes, including standards development, risk management, compliance management, and information security-related processes and procedures
Assessment of the effectiveness of an enterprise information security program through the analysis and correlation of enterprise-wide IT vulnerability and risk assessments, information system control deficiencies, risk mitigate techniques, and control implications in a heterogeneous IT environment, including operating systems, network, middleware, database, contingency, distributed computing, mainframe, etc., Involves the development of related performance metrics and risk indicators for
level reporting
Information security related industry practices, standards and regulations (e.g., ISO 17799/27001, NIST, GLBA, HSPD-12)
Intermediate knowledge of IT related industry governance and controls best practices and regulations (e.g., SOX/COSO, COBIT, ITIL)
Requires strong interpersonal skills to effectively promote ideas at the System level, and promote collaboration and encourage teamwork in same or across department/division/organization as part of project teams/matrix's management
Requires strong analysis and decision making skills to facilitate resolution of highly complex information security compliance and risk issues, and to promote an effective controls environment across the enterprise
Requires strong command and interpersonal, oral, and written communication skills to prepare and present executive and management level briefings and reports related to information security performance, enterprise-wide assessments, and compliance
Prepare presentations, interact and communicate with all management and staff levels across the System and various internal and external entities
Requires a high degree of cooperation, tact, and persuasion
Broad knowledge of IT security systems, processes and procedures, including intrusion detection, firewall technologies, and identity and access management is highly desirable
May require advanced knowledge of and ability to apply formal project management methodology and the application of the PMBOK, as used within the company, as well as industry standard best practices in project management
Bachelor's or Master's degree in information security, information technology,
science or related technical field is preferred, three to seven years of information security, information risk management, and/or information assurance is preferred, or an equivalent combination of education and job-related experience equal to 4 - 7 years
Prior experience in IT operations processes and controls is desirable. Prior company knowledge and experience is desirable. Certification: CISSP, CISA, CISM is desirable.

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.

More Jobs

Senior Principal Security Specialist with Secu...
Ft Myer, VA Analytic Services Inc
Lock and Security Specialist (Assistant Locksm...
Prince George, VA Justice, Bureau of Prisons/Federal Prison ...
Network Specialist, Senior (NOC Systems Engine...
Network Specialist, Senior (NOC Systems Engine...
Federal - Security Technical Writer Specialist
Chantilly, VA Accenture
Corporate Communications Specialist SFC with S...
Ft Myer, VA Abile Group