Company: Top Client Company
Address: Vacaville, CA
Form of work: Full-Time
Category: Information Technology

Job description


Seeking a Security Compliance Analyst to lead internal staff in the implementation and execution of technical aspects of an enterprise security plan. Will be the subject matter expert on security issues/projects so that team members can increase their security knowledge. Looking for a fast learner who can get up to speed on domain knowledge quickly.

Duration: 12-24 months
Work locations: Pleasanton or Vacaville (onsite for the 1st week, onsite as needed onward)

Deliverables/duties: 

  • Conduct the most complex Risk Assessments (RAs)
  • Provide in-depth security knowledge and consultation when analyzing security risks (e.g., analyzing security-related reports, evaluating security risks impacting, and making recommendations to, all programs).
  • Develop and maintain security policies and standards based on security framework and industry standards including the identification of risk rating for each security control.
  • Train/mentor new/existing ESEC group members on RAs/BRDs/TDDs/security defects (e.g., identify applicable security risks and mitigating controls; review for adherence to the system engineering handbook/security-policies & standards).  
  • Develop/maintain procedures (e.g., RA/BRD/TDD/security defects) 
  • Perform analysis on the most complex Security Incident Response (SIR) tickets as needed 
  • Attend meetings/represent information security for all security matters
  • Act as lead/co-lead/backup on assigned information security projects
  • Provide skills enhancement at a satisfactory rate & report any issues that may impede the progress of training and mentoring.
  • Provide input to contract executives to develop training and mentoring plans to include specific skill sets, tasks, and training methodologies.
  • Execute the training and mentoring plan(s) with internal employees and provide input to refine and further develop training and mentoring plans as training progresses. 
  • Meet and discuss progress of training of internal employees monthly.
  • Document a training plan on the “mentoring & skill enhancement planner” and monitor progress of training and mentoring with internal employee(s).

Technical working exp./skills:
At least 5 yrs. of information technology experience and at least 2 yrs. of lead/management exp. performing a variety of progressively responsible technical & analytical work. 

At least 5yrs of security practice exp: 

  • Technical security project management skills. 
  • Working experience using best-practice standards and frameworks: ISO 27001/27002, PCI DSS v4, GLBA, HIPAA/HITECH, NIST 800-53, CIS Controls, NIST CSF, CIS RAM
  • Hardware: Network switches, routers, load balancers, servers, storage systems, end-user systems, mobile devices, or other devices that enable the organization to complete its mission
  • Operating Systems: Unix, Linux, Windows
  • Network: LAN, WAN, Internet, Proxy/Filtering, Firewall, VPN, DMZ 
  • Network protocols such as: TCP/IP, SNMP, SMTP, NTP, DNS, LDAP, NFS, SAMBA
  • Databases: Oracle, SQL, MySQL 
  • Cloud platforms: IAAS, PAAS, SAAS 
  • Security concepts such as: Encryption or Hardening
  • Security: GRC 
  • Active Directory 
  • Programming languages are a plus 

Professional skills:

  • Strong analytical and critical thinking skills
  • Excellent written and oral communication skills to effectively communicate across all levels of the organization
  • Proven ability to present to a senior management & executive level audience
  • Working experience of security, policy compliance, and governance frameworks including NIST-800 series, PCI, ISO 27001/27002, ITIL & COBIT
  • Expert knowledge in security project management practices
  • Self-motivated/self-starter/proactive, working closely & actively communicating with team members to accomplish time critical tasks & deliverables
  • Working experience in a highly regulated environment, managing information risks and expectations across multiple stakeholder groups. Working experience of emergent security risks. 
  • Convey and explain complex problems and solutions in an understandable language to both technical and non-technical persons
  • Think creatively and critically, analyzing complex problems, weighing multiple solutions, and carefully selecting solutions appropriate to the business needs, project scope, and available resources
  • Take responsibility for the integrity of the solution
  • Ability to be a strategic thinker
  • Demonstrated ability to influence others
  • Experience managing multiple projects
  • At least 5yrs of exp. in information security
  • CISA, CISM, and/or CISSP certification is required.
Refer code: 9220362. Top Client Company - The previous day - 2024-05-09 03:44
