Thursday, December 2, 2010

[KITlist-Tech] CONTR: Information Security Analyst-3 (San Francisco, CA)

Please direct your responses to: gbhaskar@us-buxton.com


Title: Information Security Analyst 3

Location: San Francisco, CA

Start: ASAP

Duration: 4+ Months

Interview: Phone to Onsite

Max pay rate: DOE

Group Summary
The IT Risk Management and Compliance function is responsible for building and promoting an enterprise-wide IT Risk Management and Compliance Program, specifically:
• Build and manage processes and supporting tools to support evaluation and monitoring of IT risk management including risks related to
o strategic projects / initiatives – both customer facing and internally focused
o new areas of business and/or emerging technologies
o acquisitions and divestitures
o customer and vendor management
• Build and manage processes and supporting tools to support evaluation and monitoring of IT compliance – focusing initially in implementing a framework around the ISO 27001 security standard, and then incorporating other existing compliance areas such as PCI, SOX, HIPAA etc.
• Manage the IT security policy lifecycle – including policy maintenance, training and awareness, and compliance monitoring
• Provide IT Risk Management consulting and advisory services to the businesses:
o Advice as part of their customer facing product and service development efforts
o Advice on internal development projects
o Support when responding to incidents
o Services to perform more detailed risk assessments and security reviews as needed
o Support in responding to customer requests related to IT risk management and security
• Manage related governance structure, metrics and reporting protocols
Scope
• Support the IT Risk Management leader for assigned Business Units in developing and promoting the IT Risk Management and Compliance Program
- Support the initial development and implementation of a risk assessment process
- Support the initial evaluation of compliance with Corporate policies
- Support the development and implementation of the business unit's self-assessment of controls
- Support the Business Units in responding to customer requests and monitoring critical vendors
- Coordinate with the Business Units and the Corporate functions in the event of any incidents or breaches
- Support training and awareness efforts in the business units
- Monitor business unit implementation of remediation measures
- Provide metrics and reporting

Initial Deliverables
• Assess, identify, and document information security best practice solutions for the handling of sensitive data through the data lifecycle (acquisition, storage, dissemination and destruction).
• Facilitate and document remediation of audit, assessment, and vulnerability findings.
• Clean up and maintain business unit information within Archer, to include product, services, and application inventory.
• Develop framework and supporting processes for handling customer risk assessment and audit requests.
• Integrate business unit information security awareness program into the Enterprise Information Security Awareness program.
Business

Experience
Minimum of 4+ years in IT Security Services, IT audit, Internal Audit and/or Risk Management Experience
Knowledge of the healthcare and software industries is a plus.

Education
4-year degree in computer science or related field or equivalent experience
CISA, CISSP or other similar professional designations. PMP certification a plus.
Knowledge/Skills
• Strong interpersonal skills to build/ maintain ongoing business relationships
• Strong Project and Time Management skills
• Able to exercise professional judgment within defined procedures
• Experience in Risk Assessment, audit, and IT security assessments
• Familiar with compliance regulations and IT and security frameworks and standards

Environment
Must be flexible in work environment, willing to travel up to 50%.

Preferred Locations:
Malvern, PA or Newton, MA or New York Tri-state area.

Physical Requirements
General Office Demands

Please send in your resume(s) to "gbhaskar@us-buxton.com"

