Information security related certification(s) such as CISSP, CISA, CISM desired, but not required.
3 to 5 years’ experience in an information security program performing various information security activities, assessing security controls and incident response; work history that includes selection and implementation of security controls; experience with risk management and NIST; previous work in an environment that includes multiple projects and programs; experience with assessing HIPAA security rule controls is preferred; and experience in public sector or human services business domain is preferred.
· Supports DHS activities to ensure compliance with security standards and guidelines established by DHS.
· Performs activities that comply with enterprise standards and requirements and achieve operational goals and objectives.
· Works with other individuals within the Privacy and Security Compliance Office, DHS divisions and offices to adhere to and comply with documented security policies, procedures, standards, and guidelines.
· Participates in design sessions and discussions with vendors to determine whether planned implementations meet the security and privacy requirements. Identifies weaknesses and offers potential solutions to mitigate risks.
· Supports problem resolution related to security incidents and security operations, and assists with the development of workable solutions.
· Participates in a variety of activities with the Office of Enterprise Technology Services (ETS) to understand and contribute to the State’s overall management of security incidents and DHS security operations.
· Performs data gathering in support of project status reports to the DHS teams, Operations Committee and Executive Steering Committee. Supports activities to identify and mitigate risks.
· Utilizes appropriate departmental staff as well as outside resources to seek the proper knowledge, skills and abilities required to carry out the objectives/activities of assigned projects and tasks.
· Maintains active and open communications with security team and consultants/contractors as needed ensuring effective coordination and integration of projects. Provides teams with constructive feedback as it pertains to project security.
· Information security principles, methodologies and practices as they relate to the following information security activities: access control, application security, business continuity and disaster recovery planning, cryptography, risk management, legal and regulatory constraints, compliance, investigations (eDiscovery), operations security, security architecture and design, telecommunications and network security; good understanding of information security aspects of large, complex IT systems and applications; MARS-E, MITA, NIST Special Publications 800 Series (preferred); and public sector or human services business domain (preferred).
· Review and ensure the quality of security artifacts; obtain and analyze facts, identify risks and potential mitigation strategies; resolve conflicts fairly and consistently; exercise judgment and make logical and objective decisions; work independently and in a team; gain the confidence and cooperation of others; juggle multiple/conflicting priorities; and communicate effectively both orally and in writing.
8251 Greensboro Drive, Suite 250
(703) 373-7340 Ext.395