This position reports to the Security Risk and Compliance Office (SRCO) Manager, Information Technology Office.
The candidate will have hands-on experience performing PCI-DSS assessments, SOC2 Type 1 and Type 2 audits, developing KPIs and a reporting matrix, and formulating cost-benefit analyses to help align SRCO and Network Operations technology solutions with business initiatives and delivery.
Have a good understanding of Network and Security technology solutions and can articulate them to meet current and future FTE's Information Technology and business initiatives.
Responsibilities
- Work with SRCO and Network Operations team to develop and maintain a comprehensive list of Information Security and Network Operations hardware deployment in FTE's data centers and roadside sites.
- Maintain and enhance SRCO and Network Operations software and tools to identify licensure, including annual renewals. Work with the TDC procurement team to explore opportunities for consolidating renewals.
- Develop and maintain Department's KPI and create monthly and quarterly reporting for the leadership.
- Perform annual review and ad hoc changes to Information Security Policies and ensure compliance with Florida State Statutes, FDOT, PCI-DSS, and industry best practices.
- Perform annual PCI assessment for the Department, including coordination with internal teams and third-party vendors. Ensure that reporting requirements meet the established timeline.
- Coordinate and perform Department's SOC2 assessment. This includes coordination with both the internal teams and external parties to obtain documentation and ensure that established timelines are met.
- Assist the Department with annual and ad hoc audits for compliance with State of Florida statutes and established compliance requirements.
- Assist with managing supply chain oversight, including establishing, maintaining, and performing a risk assessment. Develop risk matrix and management reporting.
- Manage vulnerability program to ensure remediation based on established Service Level Agreements, including PCI-DSS and Cybersecurity Frameworks. Develop management reporting.
- Assist the SIRT team in formulating testing schedules, conducting tabletop exercises, and facilitating lessons learned workshops and management reports.
Requirements
Education:
- Bachelor's degree or equivalent experience
Experience:
- Must have 5 to 7 years of hands-on experience performing PCI-DSS assessments
- Must have 4 to 6 years of hands-on experience with SOC2 Type 1 and Type 2 assessments
- Strong experience managing and organizing Security Incident Response Team (SIRT) activities
- Must have 5 to 7 years of experience using GRC tools such as Archer and ServiceNow.
- Must have 3 to 4 years of hands-on experience performing IT business process and cost-benefit analysis.
- Must have strong presentation and written communication skills.
- Strong working knowledge of Excel, Visio, MS-Word, and developing PowerPoint presentations.
- Have a good understanding of Information Technology tools and technology supporting overall IT organization and business.
Certification
- Certified Information Security Manager (CISM) (Preferred)
Deliverables
The Consultant shall:
- Provide software development programming estimates.
- Develop software applications in conformance with standard practice.
- Develop and execute software test plans as directed.
- Develop software and application documentation conforming to customer standards.
- Abide by department security policies when accessing customer buildings and systems.
- Report hours on a weekly basis.
- Abide by the provided TDC Ethics Code.