Primary responsibilities include, but are not limited to the following:
- Review and provide recommendations to develop and improve State Fund’s security processes including performing gap analyses and driving assessments.
- Participate and/or drive implementation of security environment enhancements.
- Knowledge transfer to and training of State Fund employees including documented training materials.
- Advise the CISO and ESEC Team on matters involving organizational, strategic, tactical, and security best practices.
- Attend meetings/Represent ESEC as a Senior Lead for all security matters.
- Act as Lead/Co-Lead/Backup on assigned ESEC projects
- Other duties as assigned such as: update of existing security policies and develop new ones, evaluation of security risk assessments, etc.
TECHNICAL KNOWLEDGE AND SKILLS:
- MINIMUM OF 5+ YEARS OF SECURITY PRACTICES (HANDS ON).
- TECHNICAL SECURITY PROJECT MANAGEMENT SKILLS
- WORKING EXPERIENCE USING BEST PRACTICES STANDARDS AND FRAMEWORKS: ISO 27001/27002, PCI:DSS V3; GLBA; HIPPA/HITECH; NIST 800-53; CIS CONTROLS, NIST CSF, CIS RAM
WORKING EXPERIENCE, AT A MINIMUM:
o HARDWARE: NETWORK SWITCHES, ROUTERS, LOAD BALANCERS, SERVERS, STORAGE SYSTEMS, END-USER SYSTEMS, MOBILE DEVICES, OR OTHER DEVICES THAT ENABLE THE ORGANIZATION TO COMPLETE ITS MISSION
o OPERATING SYSTEMS: UNIX, LINUX, WINDOWS
o NETWORK: LAN, WAN, INTERNET, PROXY/FILTERING, FIREWALL, VPN, DMZ
o NETWORK PROTOCOLS SUCH AS TCP/IP, SNMP, SMTP, NTP, DNS, LDAP, NFS, SAMBA, ETC.
o DATABASES: ORACLE, SQL, MYSQL
o CLOUD PLATFORMS: IAAS, PAAS, SAAS
o SECURITY CONCEPTS SUCH AS ENCRYPTION, HARDENING, ETC.
o SECURITY GRC
o ACTIVE DIRECTORY
o PROGRAMMING LANGUAGES ARE A PLUS
The Consultant resource(s) shall possess most of the following skills:
- Strong analytical and critical thinking skills.
- Ability to analyze information and formulate solutions to problems.
- Provide more in-depth analysis with a high-level view of goals and end deliverables.
- Remain proactive and complete work within a reasonable time frame under the supervision of a manager or team lead.
- Plan and manage all aspects of the support function.
- Extensive knowledge of and proven experience with Information Technology systems, and methods of developing, testing and moving solutions to implementation.
- Expert knowledge in project management practices and ability to document processes and procedures as needed.
Proactive, working closely and actively communicating with team members to accomplish time critical tasks and deliverables
- Ask questions and share information gained with other support team members, recording and documenting this knowledge
- Elicit and gather user requirements and/or problem description information, and record this information accurately
- Listen carefully and act upon user requirements
- Convey and explain complex problems and solutions in an understandable language to both technical and non-technical persons
- Follow the lead of others on assigned projects as well as take the lead when deemed appropriate
- Think creatively and critically, analyzing complex problems, weighing multiple solutions, and carefully selecting solutions appropriate to the business needs, project scope, and available resources
- Take responsibility for the integrity of the solution
- Convey and explain complex problems and solutions in an understandable language to both technical and non-technical personnel.
- Present solutions (technical and non-technical) to management and decision makers
- Work collaboratively with other support team members and independently on assigned tasks and deliverables with minimum supervision
- Experience in managing multiple projects.
- 5+ Years’ experience in information security.
- CISSP. Other highly desirable security certifications may be substituted for CISSP (for e.g., CISA, CISM, etc.)
Conde Group, Inc. Consulting and Staffing Services
"Bringing the best to your Workforce"
Managed Cyber Security Services (MCSS)