Complete Description:
*local candidates strongly preferred
**mgr will ONLY conduct in-person interviews, NO Skype, NO exceptions
***contract should be approximately one year in length
****candidates MUST be able to be hired directly by the state (in the future, if budget allows) without sponsorship
This position will provide a full range of information security risk assessment capabilities and full understanding of information security risk management in order to assist the business areas in completion of the Business Impact Analysis, Risk Assessments, and subsequent System Security Plan. This position will also be responsible for the creation of Information Security Standards.
Responsibilities include:
- Creating the OIS Security Book, including the creation of information security standards, procedures, and guidelines
- Working with business areas and Information Security staff to update Business Impact Analysis documents
- Performing Risk Analysis with business function for sensitive systems utilizing the SCC’s policies
- Developing System Security Plans with the understanding of how risk can impact a system
- Working with multiple business lines to document and maintain information security standards
- Defining appropriate controls for new and existing technologies
- Leading projects and providing overall project management support to information security team
Environment:
- Microsoft Windows Server 2003, 2008, 2012
- Microsoft Exchange Server 2010
- Microsoft Office Professional 2010
- Windows Active Directory, LDAP, WSUS
- Cisco network and VPN equipment
- VMWare
- SAN, DASD, NAS
- DS-3 Telecommunications, WAN, LAN, VLAN, SIP
- Cisco VOiP
- EMC Data Domain 2500, 4500 & Networker
- Orion SolarWinds Monitoring
- WSFTP & MoveIT FTP Server
- SOPHOS
- QualysGuard
Skills:
Skill
Required / Desired
Amount
of Experience
Advanced working knowledge of & professional experience working in Information Technology w/ focus on Information Security policy and risk management
Required
3
Years
Thorough, in-depth knowledge of and experience writing risk management documentation
Required
2
Years
Understanding of how to identify and document risk and risk acceptance as well as develop corrective action plans
Required
2
Years
Ability to diagram complex concepts in a format that is easily understandable
Required
2
Years
Understanding of information security policy and standards with the ability to create and edit documents of this type
Required
2
Years
Ability to lead projects through to completion with limited supervision
Required
4
Years
Experience writing, editing, and/or proofreading documents in a professional work environment
Required
4
Years
Strong proficiency in both concise and detailed written communications
Required
4
Years
Strong proficiency with Microsoft Office applications including Visio and PowerPoint
Required
5
Years
Excellent verbal communication skills, including the ability to effectively communicate to all levels of the organization
Required
Ability to handle multiple priorities and work both independently and in a team environment
Required
Meticulous attention to detail
Required
Legally eligible to be hired as a state employee
Required
Information Security certification (ex: CISSP, CSSLP, CCFP, etc.)
Highly desired
Understanding of information security policies, networking, and security risk
Highly desired
Experience with SharePoint
Highly desired