Job Description :
Primary:
Candidate should be a strong person in Security Audit and Compliance domain knowledge.
Candidate must have either CISSP or CISA or both, must be verified.
The tasks for the Security Consultant include, but are not limited to, the following:
1.Act as a Lead Consultant/Subject Matter Expert/domain champion
2.Work on development of Information Security plan (ISP) and performing gap analyses
3.Assist in updating/developing ISP, policies, training materials, website, procedures, controls, etc.
4. Assist with audit remediation validation for compliance to security policies/standards
5.Assist in the evaluation of security risk assessments and gap analysis
6.Knowledge transfer to and training of State Fund employees
7.Assist in updating/developing policies, training materials, website, procedures, controls, etc.
8.Assist in creating policy compliance procedures including compliance measurement reports/dashboard
9.Assist with audit remediation validation for compliance to security policies/standards
10.Assist with the implementation of the various security tools
11.Knowledge transfer to and training of State Fund employees
12.Attend meetings/Represent Enterprise Security as a Senior Lead for all security matters
13.Act as Lead/Co-Lead/Backup on assigned Enterprise Security projects
14.Knowledge transfer to and training of State Fund employees
TECHNICAL KNOWLEDGE AND SKILLS:
Hardware: network switches, routers, load balancers, servers, storage systems
Operating Systems: UNIX, Linux, Windows
Network: LAN, WAN, Internet, Proxy/Filtering, Firewall, VPN, DMZ
Network Protocols such as TCP/IP, SNMP, SMTP, NTP, DNS, LDAP, NFS, Samba, etc
Active Directory
Vulnerability Assessments
Secure Software Development Lifecycle
Penetration Testing
Security
Mainframe DB2
Oracle databases
Best Practices Standards: ISO 27001/27002, PCI:DSS v3; GLBA; HIPPA/HITECH; NIST 800-53; California State Administrative Manual.
Excellent communication, technical writing, and customer service skills
Critical thinking skills
MUST POSSESS CURRENT CISA AND CISSP CERTIFICATIONS