Job Description:
Experience as a practitioner in the field of IT Security required. Minimum three (3) years of experience in designing and managing the implementation of Information System Security projects at the State or Federal Government levels preferred. Certified Information Systems Security Professional (“CISSP”) or Certified Information Security Manager (“CISM”) certifications required. Additional security certifications such as Certified Information Systems Auditor (“CISA”), Certified Secure Software Lifecycle Professional (“CSSLP”), Certified Authorization Professional (“CAP”), Certified HIPAA Security Professional (“CHSP”), GIAC HIPAA Security Certificate (“GHSC”) or Certified HIPAA Security Specialist (“CHSS”) preferred.
Strong demonstrable working knowledge of the Federal Information Security Management Act (“FISMA”) Information Security Governance Standards and the National Institute of Standards and Technology (“NIST”) Information Systems Risk Management guidelines.
Strong demonstrable working knowledge of the Health Insurance Portability and Accountability Act (“HIPAA”), Internal Revenue Service (“IRS”) and Social Security Administration (“SSA”) security regulations required.
Strong working knowledge of Best Practices regarding physical security evaluations.
Strong working knowledge of IT Security Best Practices regarding Data Networks and Networking, including but not limited to protocol analysis, anomaly detection, data loss prevention, intrusion prevention/detection and troubleshooting preferred.
Strong working knowledge of IT Security best practices regarding Windows and *nix Servers preferred.
Strong working knowledge of IT Security Best Practices regarding Relational Databases required.
Working experience at the State or Federal Government level is required in the following categories:
NIST guidelines and Federal Information Processing Standard (“FIPS”) certification requirements regarding the testing, selection, implementation and management of encryption technologies.
The development, maintenance and implementation of Federal Information Security Management Act (“FISMA”)/NIST-based Information System Risk Management methodologies, including but not limited to Risk Analysis methodologies, Data Classification Analyses, Control Analyses.
The management and successful completion of NIST-based Risk Analyses.
The facilitation of workgroup meetings in specific Information Security areas of interest.
The interpretation and analysis of State and Federal Information Security regulatory requirements; experience with HIPAA, IRS and SSA regulatory environments preferred.
The provision of cost-effective regulatory compliance solutions.
The development, maintenance, and implementation of project plans in accordance with standard project management methodologies.
The planning and analysis of Vulnerability Scans of wired and wireless data networks, Windows workstations, Windows and *nix File Servers, Relational Databases and Web-based applications.