Seeking a Security Compliance Analyst to lead internal staff in the implementation and execution of the technical aspects of an enterprise security plan. Will be the subject matter expert on security issues/projects so that team members can increase their security knowledge. Looking for a fast learner who can get up to speed on the domain quickly.
Duration: 12-24 months
Work locations: Pleasanton or Vacaville (onsite for the 1st week, onsite as needed onward)
Deliverables/duties:
- Conduct the most complex Risk Assessments (RAs)
- Provide in-depth security knowledge and consultation when analyzing security risks (e.g., analyzing security-related reports, evaluating security risks with impact, and making recommendations to all programs).
- Develop and maintain security policies and standards based on security framework and industry standards including the identification of risk rating for each security control.
- Train/mentor new/existing ESEC group members on RAs/BRDs/TDDs/security defects (e.g., identify applicable security risks and mitigating controls; review for adherence to the system engineering handbook/security-policies & standards).
- Develop/maintain procedures (e.g., RA/BRD/TDD/security defects)
- Perform analysis on the most complex Security Incident Response (SIR) tickets as needed
- Attend meetings/represent information security for all security matters
- Act as lead/co-lead/backup on assigned information security projects
- Provide skills enhancement at a satisfactory rate & report any issues that may impede the progress of training and mentoring.
- Provide input to contract executives to develop training and mentoring plans to include specific skill sets, tasks, and training methodologies.
- Execute the training and mentoring plan(s) with internal employees and provide input to refine and further develop training and mentoring plans as training progresses.
- Meet and discuss progress of training of internal employees monthly.
- Document a training plan on the “mentoring & skill enhancement planner” and to monitor progress of training and mentoring with internal employee(s).
Technical working exp./skills:
At least 5 yrs. of information technology experience and at least 2 yrs. of lead/management exp. performing a variety of progressively responsible technical & analytical work.
At least 5 yrs. of security practice exp.:
- Technical security project management skills.
- Working experience using best-practice standards and frameworks: ISO 27001/27002, PCI DSS v4, GLBA, HIPAA/HITECH, NIST 800-53, CIS Controls, NIST CSF, CIS RAM
- Hardware: Network switches, routers, load balancers, servers, storage systems, end-user systems, mobile devices, or other devices that enable the organization to complete its mission
- Operating Systems: Unix, Linux, Windows
- Network: LAN, WAN, Internet, Proxy/Filtering, Firewall, VPN, DMZ
- Network protocols such as: TCP/IP, SNMP, SMTP, NTP, DNS, LDAP, NFS, SAMBA
- Databases: Oracle, SQL, MySQL
- Cloud platforms: IaaS, PaaS, SaaS
- Security concepts such as: Encryption or Hardening
- Security: GRC
- Active Directory
- Programming languages are a plus
Professional skills:
- Strong analytical and critical thinking skills
- Excellent written and oral communication skills to effectively communicate across all levels of the organization
- Proven ability to present to a senior management & executive level audience
- Working experience of security, policy compliance, and governance framework including
- Expert knowledge in security project management practices
- Self-motivated/self-starter/proactive, working closely & actively communicating with team members to accomplish time critical tasks & deliverables
- Working experience in a highly regulated environment, managing information risks and expectations across multiple stakeholder groups. Working experience of emergent security risks.
- Convey and explain complex problems and solutions in an understandable language to both technical and non-technical persons
- Think creatively and critically, analyzing complex problems, weighing multiple solutions, and carefully selecting solutions appropriate to the business needs, project scope, and available resources
- Take responsibility for the integrity of the solution
- Ability to be a strategic thinker
- Demonstrated ability to influence others
- Experience managing multiple projects
- At least 5 yrs. of exp. in information security
- CISA, CISM, and/or CISSP certification is required.