Job Description :
Company Overview:
Creating value by bringing together the right people to achieve results is our motto. Our clients and employees say they choose to work with us because of how we work with them - with service that exceeds their expectations and a personal commitment to their success.
Our client, one of the largest distributors of natural gas in the northeast US, serving customers in NY, MA, and RI seeks an accomplished Security Consultant.
* Candidate must be authorized to work in USA without requiring sponsorship *
* Candidate can work at either Waltham MA, Syracuse NY or Hicksville NY *
Notes:
Looking for a security expert to apply the design and work with the solution architect. Contractor will be supporting different projects such as projects within SAP and ERP environments.
Cloud based experience is preferred. Looking for more of a consultant than a hands on engineer. Transpose the business requirements and identify associated security requirements. Identity management. Mix of agile and waterfall methodology.
Description:
Serves as a subject matter expert in many areas of security, and is able to describe and document in business terms the impact of security policies, standards, and architecture. This person will provide security direction to the business and project stakeholders to ensure that security is a key focus for all projects and new business initiatives.
This role will be placed on multiple projects with the expectation that the individual will be able to coordinate with the Security Architect on identifying existing security services that can be leveraged by the project and identify gaps in the business requirement that will need new security services to be able to meet the security controls identified in an aggressive timeframe. Perform security risk assessments to determine level of security services to include.
Implement security designs by working with the security architect in leveraging policies, standards, and patterns including controls to support the specific project requirements.
Provide testing scenarios to the project team ensuring the security controls are in place as required.
Elevate residual risk to be included in the risk register and approved by the key stakeholders where they cannot be mitigated or addressed.
Project engagement during the initiation, requirements, and design stages to ensure that security has been considered and is included into the design at the appropriate level based on the risks.
Further security related guidance may be required during the build and testing stages of the projects. Security review and design of complex application and technology architectures.
Coordination of technical design/review activities with various IS and project stakeholders.
Evaluation and maintenance of security system plans and procedures to safeguard internal information systems and databases.
Researching and recommendation/implementation of changes to procedures and systems to enhance security aligned with corporate policies
Partner with LoB and IS during project engagement in the development of strategic and tactical business plans.
Manage demand of working on multiple projects and leverage IS security technologies and services to meet business goals and objectives.
Accountable for ensuring that key risks and issues are identified, addressed and resolved in a manner that satisfies the business. Remaining risks are registered and owned.
Knowledge, Experience & Technical Know How:
Strong background in security architecture including a deep knowledge of IT network security (secure LAN, WAN, vLAN, MPLS, and secure network zoning and restricted network design) and cloud-based technologies.
Strong knowledge and experience designing and implementing technical security solutions such as secure remote access, firewalls, encryption, secure protocols, data protection, data loss prevention and identity management solutions both internally and within cloud provided services, with CASB products a plus.
Able to translate business and non-functional requirements to establish security controls so that a proper security design can be architected and to document the security solutions for communications and enduring documentation.
Previous experience identifying and addressing security requirements within the AGILE Project Framework method.
Strong knowledge of data and information flows, information governance, and network protocols.
Experience of designing and incorporating technical security controls that align to NIST 800-53r4
Experience of designing and managing security controls within service providers and the cloud.
Appreciation of wider information security related principles, likely to be gained in industry or from a consultancy background.
Familiarity with EA Sparx a plus.
Prior utility industry experience preferred, including knowledge of customer, ERP, asset management, and analytics. Familiar with security application lifecycle process frameworks including NIST 800-64.
Qualifications Required:
Educated to degree level (or equivalent combination of education and experience
Information Security Qualifications such as CISSP, ISSAP, and SABSA practitioner preferred.
Security Qualifications such as SANs, CCNA, CCNP.
Familiar with various controls including NIST.
I''d love to talk to you if you think this position is right up your alley.
If you''re looking for rewarding employment and a company that puts its employees first, we''d like to work with you. We''re driven, people driven.
NOTE: Candidates that are offered a position are required to pass pre-employment drug and background screening. Qualified candidates with criminal histories, are considered in a manner that is consistent with local, state and federal laws.