Information Security Specialist II
From:
Company: Axelon Services Corp, 2102 Business Center Dr, Irvine, CA 92612, United States
Apply by eMail:15335259.185@jobfrenzy1.com
Job Reference ID:
DF15335259
Category:
Information Systems
Duration:
Full Time
City, ST:
Albany, New York
Country:
United States
Description:
1. Consultant Responsibilities

During the course of the Project, the Consultant will perform the following functions:

Risk assessments: Using SRMO's Risk Management methodology, the Consultant will primarily be responsible for providing project leadership and technical expertise for all of the following:
o Client Service Delivery Services Risk Assessments
o Technology related Risk Assessments
o Specific risk assessments related to applications under development or the introduction of new features or system components to the overall Enterprise Architecture

The Consultant will also assess current client architecture and the deployed technologies used to provide security. This will include, but not be limited to, the following:
o Host server security and configurations
o Virtual Private Network (VPN) access
o Intrusion Detection (IDS) systems
o Intrusion Prevention (IPS) systems
o Anti-Virus (AV)
o Wireless computing and access

2. Enterprise Architecture

The Consultant will provide technical input regarding client's Enterprise Architecture, including the testing and assessment of new technologies that will enhance client's security architecture. The Consultant's recommendations must ensure that the security of client's Technical Information Assets conforms to industry standards. Areas of review may include, but not be limited to, the following:
o Data Integrity and Authentication
o Data Confidentiality
o Trusted credentials
o Application Access and Authentication
o Software Integrity
o System/Middleware security
o Host security
o Internal Network security
o Network Perimeter security
o Audit and event logging

A key element will be to develop and architect solutions to ensure that client's key information assets are protected should the external security perimeter be compromised.

3. New Projects

The Consultant and SRMO will jointly identify security related projects for the Consultant to undertake.

Under the direction of the Director of SRMO or designee, Consultant will perform and update new project security assessments and ensure that security requirements are identified, tested, and implemented. In addition, the Consultant shall:
o facilitate and ensure the successful transfer of knowledge from the Consultant to SRMO staff designated by the Director of SRMO or designee;
o submit required reports, as defined by client. Consultant reporting may, at the discretion of client, include Time Distribution Reports (TDR), Weekly Consultant Time and Status Report;
o be responsible for daily backups of any data and/or software developed as a result of Consultant's tasks; and
o attend periodic (i.e., weekly) status meetings, as required by client.

2. Mandatory Technical Requirements:

The Contractor's proposed Consultant(s) must also have the following:
a. Four or more years' experience performing security risk assessments of networks, data center operations, Internet application design and development, and remote access technology.
b. Four or more years' experience providing written reviews, reports and recommendations to improve security policies, standards, processes, and procedures for larger scale government or private company businesses.
c. Four or more years' experience analyzing compliance to industry best practice security policies and standards, documenting security weaknesses and developing remediation plans for management approval.
d. At least one recognized Information Security or Audit Controls certification (CISM, CISSP, CISA, etc.).

Desirable Experience

CIO/OFT requests that the Vendor's proposed Consultant(s) have the following experience:

1. It is highly desirable that the proposed Consultant has conducted the following types of security reviews:
o Evaluated the security of a network's design and any change proposals that present security risks.
o Identified and reported any non-compliance to an Enterprise's security rules related to secure communication among devices (e.g., port assignments, protocols, encryption standards, etc.).
o Evaluated whether an organization's servers, network devices and system components were configured securely based on industry standards, guidelines or industry best practices.
o Performed project security reviews to ensure security policies and requirements are met at all stages of an application's development life cycle.
o Evaluated an organization's security and risk management program, in terms of risk reduction, policy and standards compliance levels, awareness training, vulnerabilities and remediation statistics, etc.
o Conducted and documented assessments of an organization's compliance to the following industry controls and standards: NIST, ISO 17799/ISO27001, HIPAA, FISMA.
o Evaluated and improved the security of the following technologies:
   o MS Active Directory
   o LDAP/Netegrity SiteMinder
   o UNIX
   o Remote VPN
   o IPS/IDS
   o Wireless security
   o Firewalls
   o Security Event and Incident Management
   o VMware
   o IBM Mainframe

Other Desirable Experience and Qualifications:

Reviewing and/or improving security in these categories:
a. Identity Authentication and Access Management
b. Workforce security roles and responsibilities
c. Contracts, RFPs, and vendor agreements
d. Security Awareness Training
e. Security incident reporting

o Professional level courses/seminars in risk management, vulnerability management or auditing of IT systems.
o Experience with using an asset based risk assessment methodology.
o Experience in evaluating or developing Disaster Recovery Plans for Computer Centers and/or large scale Networks or IT Systems.
o Good project management and inter-personal communication skills as demonstrated by previous experience in managing larger scale, complex projects.
o Strong analytical and report writing skills that, if requested, can be supported by offering samples during the selection process.
Requirements:
See Above
Education: Not Specified
Experience: Not Specified
Travel: Not Specified
Job Created:
Sat Oct 17 2009 04:28:13 AM
Last Modified: Sat Oct 17 2009 04:28:13 AM