Responsibilities:
- Analyze complex enterprise environments from an information security perspective
- Evaluate organizations against multiple best practice control frameworks, vertical-specific requirements, or federal/state regulations:
– ISO 27001/2
– HIPAA
– PCI/DSS
– COBIT
– NERC/CIP
– FISMA/NIST
– FFIEC
- Develop comprehensive information security documentation
– Policies
– Standards
– Guidelines
– Procedures
- Conduct assessments of (or build) Business Continuity Programs, based on best practices.
- Conduct physical security assessments of data centers and other facilities
- Conduct risk assessments of business processes and supporting applications, including:
– determining inherent risk
– evaluating the existence of controls that help reduce risk
– determining residual risk and risk treatment plans
- Conduct assessments against (or develop) vulnerability and threat management programs
- Work with senior-level stakeholders (managers, directors and CISOs) to provide strategic information security guidance
Qualifications:
• Bachelor’s degree in Business, IT or related field or equivalent experience
• 7+ years of IT technical/security experience
• Information security certification; one of the following (CISSP, CISM, CISA or CRISC)
• Strong ability to articulate business risks of technical issues to client personnel
• Identify and communicate assessment findings to client personnel
• Recognize performance improvement opportunities for client
• Ability to deal with both technical and non-technical client personnel
• Solid understanding of best practice control frameworks and regulatory requirements:
o HIPAA/HITECH
o ISO 27001/2
o ISO 27005
o PCI/DSS
o GLBA / FFIEC Audit handbook
• Knowledge of core Information Security concepts related to Governance, Risk & Compliance
• Strong analytical / problem-solving skills
• Broad knowledge of infrastructure (network and servers), services and security policies
• Demonstrated understanding of internal security controls
• Proven ability to assess risks and controls and identify opportunities for improvement
• Demonstrated initiative and commitment to results, and the ability to set priorities and manage multiple concurrent projects
• Demonstrated ability to work in a team environment
• Expert knowledge of information security topics, system architecture and Internet technology
• Excellent communication skills, both written and verbal, are required
• Ability to act independently and exercise good judgment, as well as the ability to work cross-functionally and create virtual teams, is essential
• Ability to prioritize and manage multiple tasks
Contact Information:
Ryan Mac Donald
Senior Staffing Consultant
Midwest Consulting Group
913-693-8200-Office
913-522-0179-Cell
ryanm@mcginfo.com
Midwest Consulting Group partial list of technical openings:
http://ryanmacdonald1.wordpress.com/
We assist candidates in developing a strategic career path, identification of their individual needs, formulation of short and long-term goals and interview techniques.
About me
- Ryan Mac Donald / Saicon Consultants
- Overland Park, Kansas, United States
- I provide career assistance to individuals looking for a career change in Information Technology.