Job Description :
SECURITY ENGINEER
Location: Eldorado Hill, CA OR San Francisco, CA
Duration of Assignment: 6 Months +
Day to Day Responsibilities of this Position and Description of Project:
Analyze assessment findings and establish a risk score based on an established scoring framework.
Present findings and assessment to business owners as well as third party vendor.
Review third party vendor remediation plans and determine if the plan sufficiently mitigates identified risks. Track progress on remediation of identified risks and vulnerabilities and provide appropriate reporting to constituents.
Enhance risk/vulnerability assessment programs and questionnaires to aid in the identification and mitigation of security risks.
Monitor appropriate sources for newly identified vulnerabilities, evaluate the risks such vulnerabilities pose to the organization’s information and systems, and advise management of appropriate measures to eliminate or reduce the organization’s risk or exposure to such vulnerabilities.
Communicate on regular basis with key stakeholders on status, issues and solutions to resolving those issues
Participating in security planning and analyst activities
Work in combination with Project Managers to ensure Security is engaged in projects
Developing, refining and implementing of enterprise wide security policies, procedures and standards to meet Blue Shield of California’s compliance responsibilities
Working with customers to identify security requirements using methods that may include risk and business impact assessments
Working closely with IT and development teams to design secure infrastructure solutions and applications, facilitating the implementation of protective and mitigating controls
Monitoring risk mitigation and coordinating policy and controls to ensure that other managers are taking effective remediation steps
Developing and managing security measures for information systems to prevent security breaches
Participating in security investigations and compliance reviews as requested by external auditors
Conducting and reports on internal investigations of possible security violations
Performing security monitoring, analyzes security alerts and escalates security alerts to local support teams
Risk assessments
Self-directed and independent
Familiarity with security regulations in compliance legislation and other directives including PCI, Sarbanes-Oxley
Identify, document, and monitor key business processes needed to achieve successful business results. Map and document processes while developing framework for process improvement
CISA, CISSP, CRISC preferred