Wednesday, March 21, 2018

Security Analyst

SCIF: State Compensation Insurance Fund

Job description:
The tasks for the Security Analyst include, but are not limited to, the following:
  1. Act as a Lead Consultant/Subject Matter Expert/domain champion
  2. Work on development of the Information Security Plan (ISP) and perform gap analyses
  3. Assist in updating/developing ISP, policies, training materials, website, procedures, controls, etc.
  4. Assist with audit remediation validation for compliance to security policies/standards
  5. Assist in the evaluation of security risk assessments and gap analysis
  6. Knowledge transfer to and training of State Fund employees
  7. Assist in updating/developing policies, training materials, website, procedures, controls, etc.
  8. Assist in creating policy compliance procedures including compliance measurement reports/dashboard
  9. Assist with audit remediation validation for compliance to security policies/standards
  10. Assist with the implementation of the various security tools
  11. Knowledge transfer to and training of State Fund employees
  12. Attend meetings/Represent Enterprise Security as a Senior Lead for all security matters
  13. Act as Lead/Co-Lead/Backup on assigned Enterprise Security project
  14. Knowledge transfer to and training of State Fund employees  

Technical Knowledge and Skills:
  • Hardware: network switches, routers, load balancers, servers, storage systems
  • Operating Systems: UNIX, Linux, Windows
  • Network: LAN, WAN, Internet, Proxy/Filtering, Firewall, VPN, DMZ
  • Network Protocols such as TCP/IP, SNMP, SMTP, NTP, DNS, LDAP, NFS, Samba, etc.
  • Active Directory
  • Vulnerability Assessments
  • Penetration Testing
  • Security
  • Mainframe DB2
  • Oracle databases
  • Best Practices Standards: ISO 27001/27002; PCI DSS v3; GLBA; HIPAA/HITECH; NIST 800-53; California State Administrative Manual.
  • Excellent communication, technical writing, and customer service skills

Professional Skills:
  • 5-15+ years' experience in information security, audit, and security/audit compliance.
  • CISSP required. Other highly desirable security certifications may be substituted for CISSP (e.g., CISM, CISA, etc.)
  • Extensive experience conducting ISO 27k gap assessments preferred but not required
  • Should have extensive experience in leading IT security/compliance/audit projects.

Ruchika Sinha | Resource Manager
48531 Warm Springs Blvd # 405 Fremont, CA 94539
Mobile: 510-378-1964 | Fax: (775)201-9919

Email: ruchikas@caspex.com
Web: www.caspex.com