Information Security Engineer
Eldorado Hill, CA OR San Francisco, CA
6 Months +
Roles & Responsibilities:
Day to Day Responsibilities of this Position and Description of Project:
- Analyze assessment findings and establish a risk score based on an established scoring framework.
- Present findings and assessment to business owners as well as third party vendor.
- Review third party vendor remediation plans and determine if the plan sufficiently mitigates identified risks. Track progress on remediation of identified risks and vulnerabilities and provide appropriate reporting to constituents.
- Enhance risk/vulnerability assessment programs and questionnaires to aid in the identification and mitigation of security risks.
- Monitor appropriate sources for newly identified vulnerabilities, evaluate the risks such vulnerabilities pose to the organization’s information and systems, and advise management of appropriate measures to eliminate or reduce the organization’s risk or exposure to such vulnerabilities.
- Communicate on a regular basis with key stakeholders on status, issues and solutions for resolving those issues
- Participating in security planning and analyst activities
- Work in combination with Project Managers to ensure Security is engaged in projects
- Developing, refining and implementing enterprise-wide security policies, procedures and standards to meet Blue Shield of California’s compliance responsibilities
- Working with customers to identify security requirements using methods that may include risk and business impact assessments
- Working closely with IT and development teams to design secure infrastructure solutions and applications, facilitating the implementation of protective and mitigating controls
- Monitoring risk mitigation and coordinating policy and controls to ensure that other managers are taking effective remediation steps
- Developing and managing security measures for information systems to prevent security breaches
- Participating in security investigations and compliance reviews as requested by external auditors
- Conducting and reporting on internal investigations of possible security violations
- Performing security monitoring, analyzing security alerts and escalating security alerts to local support teams
Self-directed and independent
Familiarity with security regulations in compliance legislation and other directives including PCI, Sarbanes-Oxley
Identify, document, and monitor key business processes needed to achieve successful business results. Map and document processes while developing framework for process improvement
CISA, CISSP, CRISC preferred
Recruiting Executive || Infosmart Systems Inc
5850 Town and BLVD,Suite # 1102 Frisco, Texas 75034