3985520 Information Security Engineer
Company Name:
CCSI INC
Id : 54162
Date Created : 7/23/2014 7:13:22 AM
Location/City : IN - Indianapolis
Area Code : 317
Job Type : Contract
Recruiter Name : Nicholas St Pierre
Recruiter Email :
3985520 Information Security Engineer
Location: Indianapolis, IN
Length: 1 Year
If interested, please send resume to
Description:
Provide close collaboration with project teams and the ability to evaluate current security control needs based upon the system architecture, data classification, compliance requirements and risk. Additional areas of concentration may include assisting and participating in systems and organizational compliance auditing; review and qualification of suppliers for adequate security and privacy practices, as well as potential for contract and SLA reviews.
This position does not require extensive experience in compliance (PCI, FISMA, HIPAA, etc) and auditing. The primary skill set needed is consulting with the business customer throughout the lifecycle of system development and implementation. (This is a predefined internal SDLC process- but comparable to industry standards).
Support Project teams in defining and verification of Information Security system control requirements during the design, development, and implementation of IT Systems.
Providing information security consultation and assessment services during business customer engagements and project executions
Perform information security risk assessments, process security exceptions and complete data classification activities
Provides consulting to management and the business on IT and security related issues and initiatives
Developing and implementing security solutions aligned with industry standard security models (ISO, COBIT; NIST, etc.)
Be proficient in applying technical documentation skills to the creation of work instructions, directives, policies and procedures.
Evaluates the design and effectiveness of applied controls for processes, systems, networks, and applications in accordance with good security practices, laws, regulations, policies, procedures and standards.
Provides recommendations for addressing identified gaps and work closely with IT or the business on creating corrective action and risk remediation plans
Conducts regular follow-up on remediation plans
Skills:
The candidate should have soft skills and have experience in reviewing software system architecture and design and defining and documenting security requirements. Experience with network architecture (and topology), access management and authentication mechanisms, communication protocols and encryption technologies are key. Completing Data Classification reports with the customer and performing of risk assessments is also key to the success for the candidate.
The security consultant is proficient in multiple disciplines within information security; including business process security, data security and classification, access control practices, risk analysis/management, network security, and vulnerability management. Additionally, the consultant position requires a broad knowledge of overarching security principles, defense in depth, strategies and methodologies.
Experience conducting information security assessments, risk assessments and recommending solutions
Knowledge of secure architecture, encryption, protocols and data transmission technologies
Advanced knowledge of information security risks, controls, and practices
Knowledge of security regulations including HIPAA/HITECH, Basel II, PCI, etc.
Knowledge of security frameworks and standards including ISO 27000 series, NIST (800-66/800-53), COBIT, etc.
Strong verbal and written communication skills
5
years of experience in Information Security or equivalent work experience
Experience writing reports and presenting to senior management
CISSP, CISM and/or CISA highly preferred, HIPAA experience is a plus
Education:Bachelor of Science in Computer Science, Information Technology, or related disciplineEstimated Salary: $20 to $28 per hour based on qualifications.
CCSI INC
Id : 54162
Date Created : 7/23/2014 7:13:22 AM
Location/City : IN - Indianapolis
Area Code : 317
Job Type : Contract
Recruiter Name : Nicholas St Pierre
Recruiter Email :
3985520 Information Security Engineer
Location: Indianapolis, IN
Length: 1 Year
If interested, please send resume to
Description:
Provide close collaboration with project teams and the ability to evaluate current security control needs based upon the system architecture, data classification, compliance requirements and risk. Additional areas of concentration may include assisting and participating in systems and organizational compliance auditing; review and qualification of suppliers for adequate security and privacy practices, as well as potential for contract and SLA reviews.
This position does not require extensive experience in compliance (PCI, FISMA, HIPAA, etc) and auditing. The primary skill set needed is consulting with the business customer throughout the lifecycle of system development and implementation. (This is a predefined internal SDLC process- but comparable to industry standards).
Support Project teams in defining and verification of Information Security system control requirements during the design, development, and implementation of IT Systems.
Providing information security consultation and assessment services during business customer engagements and project executions
Perform information security risk assessments, process security exceptions and complete data classification activities
Provides consulting to management and the business on IT and security related issues and initiatives
Developing and implementing security solutions aligned with industry standard security models (ISO, COBIT; NIST, etc.)
Be proficient in applying technical documentation skills to the creation of work instructions, directives, policies and procedures.
Evaluates the design and effectiveness of applied controls for processes, systems, networks, and applications in accordance with good security practices, laws, regulations, policies, procedures and standards.
Provides recommendations for addressing identified gaps and work closely with IT or the business on creating corrective action and risk remediation plans
Conducts regular follow-up on remediation plans
Skills:
The candidate should have soft skills and have experience in reviewing software system architecture and design and defining and documenting security requirements. Experience with network architecture (and topology), access management and authentication mechanisms, communication protocols and encryption technologies are key. Completing Data Classification reports with the customer and performing of risk assessments is also key to the success for the candidate.
The security consultant is proficient in multiple disciplines within information security; including business process security, data security and classification, access control practices, risk analysis/management, network security, and vulnerability management. Additionally, the consultant position requires a broad knowledge of overarching security principles, defense in depth, strategies and methodologies.
Experience conducting information security assessments, risk assessments and recommending solutions
Knowledge of secure architecture, encryption, protocols and data transmission technologies
Advanced knowledge of information security risks, controls, and practices
Knowledge of security regulations including HIPAA/HITECH, Basel II, PCI, etc.
Knowledge of security frameworks and standards including ISO 27000 series, NIST (800-66/800-53), COBIT, etc.
Strong verbal and written communication skills
5
years of experience in Information Security or equivalent work experience
Experience writing reports and presenting to senior management
CISSP, CISM and/or CISA highly preferred, HIPAA experience is a plus
Education:Bachelor of Science in Computer Science, Information Technology, or related disciplineEstimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
