Job Description:
Short Description:
16+ years of experience. Determines enterprise information assurance and security standards.
Complete Description:
Background: CFSA is looking for a senior cyber security resource with extensive experience in development of security and information assurance policies based on the National Institute of Standards and Technology (NIST) framework. The successful candidate will have extensive knowledge in Personally Identifiable Information (PII), Protected Health Information (PHI) and Health Insurance Portability and Accountability Act (HIPAA) requirements. This position is responsible for security policy and procedure development, providing general information technology (IT) security services, advisory and audit support, and legal compliance for CFSA. The role supports all the security policy activities covering privacy, access and information in compliance with federal and state laws, and the agency’s practices.

CONTRACT JOB DESCRIPTION

Responsibilities:
1. Determines enterprise information assurance and security standards.
2. Develops and implements information assurance/security standards and procedures.
3. Coordinates, develops, and evaluates security programs for an organization. Recommends information assurance/security solutions to support customers’ requirements.
4. Identifies, reports, and resolves security violations.
5. Establishes and satisfies information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
6. Supports customers at the highest levels in the development and implementation of doctrine and policies.
7. Applies know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.
8. Performs analysis, design, and development of security features for system architectures.
9. Analyzes and defines security requirements for computer systems which may include mainframes, workstations, and personal computers.
10. Designs, develops, engineers, and implements solutions that meet security requirements.
11. Provides integration and implementation of the computer system security solution.
12. Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems.
13. Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
14. Schedules and supports agency-wide security and risk management steering committee meetings.
15. Ensures that all information systems are functional and secure.

Minimum Education/Certification Requirements:
Bachelor’s degree in Information Technology or related field or equivalent experience