Tuesday, January 25, 2011

[KITlist-Tech] CONTR: Information Security Analyst - 4 (Atlanta, GA)

Please direct your responses to: gbhaskar@us-buxton.com

Title: Information Security Analyst-4
Location: Atlanta, GA
Start: ASAP
Duration: 3+ Months Contract to Hire
Interview: Phone to Onsite
Max pay rate: DOE

Group Summary:
The IT Risk Management and Compliance organization is responsible for building and promoting an enterprise-wide IT Governance and Risk Program. The objective of this program is to identify potential risks, consult on possible solutions, and assist in determining the best balance of risk vs. business benefit to adequately protect critical IT assets (data, applications, and infrastructure). The Risk Leader role is responsible for fulfilling the objectives of this program at business units throughout. The scope of this program includes but is not limited to the following categories: IT Governance, Emerging Technology, IT Asset Management, Sourcing, Application Management, Global IT, IT Resilience & Continuity, Project Management, Security & Privacy, and IT Compliance.

Job Description:
• Support the IT Risk Management Leader for assigned Business Units in developing and promoting the IT Governance and Risk Program as priorities dictate.
• Provide gap analysis between security policies/standards/regulations and practices, processes, and solutions; recommend actions to ITRL.
• Assist ITRL in establishing, documenting, and managing processes and supporting tools used to accomplish IT compliance with regulatory and best practice security and compliance frameworks (e.g. HIPAA-HITECH, PCI, HITRUST, ISO 27001, FISMA, EHNAC, SOX, etc.)
• Work with business and IT owners to establish priorities for process improvements to mitigate risk
• Analyze the company's data protection needs with Applications Developers and ensure secure solutions and process improvements are implemented.
• Execute problem determination and resolution for security related problems
• Help ITRL coordinate with Business Units and Corporate functions in the event of incidents or breaches
• Train and assist security administration functions when necessary.
• Interact with other IT Staff / Business Leads in meetings to understand security issues and discuss solutions.
• Help with records management and metrics reporting regarding security and compliance data using the Archer Governance Risk & Compliance (GRC) tool
• Assist with threat & vulnerability management process and tools
• Prepare automated and ad hoc reports and/or interpret data from various security sources (e.g. McAfee ePO, RSA Envision SIEM, WebSense, TippingPoint IDS/IPS, Tenable Nessus vulnerability scanner, WebInspect, data loss prevention, etc.)
• Assist with application data inventory, mapping, and development of data flow process documentation
• Support ITRL in responding to 3rd party requests and monitoring critical vendors
• Support training and awareness efforts in the business units
• Monitor and provide project management support for business unit implementation of security technology and remediation measures
• Monitor and/or administer appropriate access and policies for security systems
• Apply applicable encryption methods

Business Experience:
• 5+ years in Information Security or Compliance related services, IT audit, Internal Audit and/or Risk Management Experience. Knowledge of the healthcare and software industries is a plus.

Education:
• 4-year degree in computer science or related field or equivalent experience. Hold CISA, CISSP, GIAC or other similar professional designations

Knowledge/Skills:
• Understanding of HIPAA-HITECH, PCI, HITRUST, ISO 27001, FISMA, EHNAC, SOX, etc.
• Understanding of security controls for Windows servers/workstations, Unix, Linux
• Familiarity with security controls relating to McAfee ePO, RSA Envision SIEM, WebSense, TippingPoint IDS/IPS, Tenable Nessus vulnerability scanner, WebInspect, firewalls, data loss prevention, or similar products/technologies.
• Knowledge of system, network, and architecture security best practices
• Strong interpersonal skills to build/maintain ongoing business relationships
• Able to handle moderate to complex resolution without escalation and with minimal supervision.
• Able to exercise professional judgment within defined procedures
• Experience in Risk Assessment, audit, and IT security assessments
• Familiar with healthcare and financial compliance regulations and IT and security frameworks and standards

Travel:
• Must be willing to travel up to 20% on an as-needed basis

Please send in your resume(s) to "gbhaskar@us-buxton.com". You can also reach me at (925)467-0719/(925)708-0224

