Job Description:
Position: Security Engineer
Location: Harrisburg, PA
Job Duration: 6/30/2020 (client has option to renew)
Deadline to Submit Resumes: 6/17/2019
Rate: $70-/hr on 1099
No OPT, CPT or F1 candidates please

Minimum Qualifications
10 Years Required: Relevant technology experience
4 Years Required: Have a 4-year college degree or equivalent technical study with advanced study
2 Years Required: Have experience with SQL query languages
2 Years Highly Desired: Have experience with Splunk administration and queries
2 Years Required: Have the ability to maintain the integrity of confidential information
2 Years Required: Have strong problem-solving abilities and strong critical thinking coupled with good oral and written communication skills.
2 Years Required: Have experience with eGRC concepts and applications
2 Years Highly Desired: Have experience with ServiceNow Incident and GRC modules


Role Description

Identify information security requirements through collection and translation of disparate information sources into actionable language in support of current and proposed governance policies and management directives.
Organize resources to assess technical, physical, and administrative controls. Identify and analyze risks to determine the adequacy of existing security controls. The assessment process includes interviewing personnel, reviewing and testing security controls, evaluating audit reports, vulnerability scans and penetration test results.
Coordinate self-assessments with the enterprise, delivery centers, and independent agencies and report on findings.
Routinely interface with IT and business unit management to ensure security initiatives are aligned with business needs. Analyze business and security needs alongside requirements and communicate risks using the enterprise risk register. Communicate the risks to the appropriate parties clearly and concisely so that they understand the risks and their potential consequences.
Provide guidance and assistance to operational teams to remediate security deficiencies identified in risk assessments.
Monitor and triage information security requests through various intake mechanisms.
Identify, analyze, and transition information risks through our risk management workflow.
Measure, collect, and report on key information security services and risk indicators.
Develop and communicate information security policies, standards, and procedures so control requirements are understood and integrated throughout the enterprise.
Evaluate and respond to requests for information security attestations.
Identify and analyze vendor risks through established workflows.
Research regulatory guidance and prepare policy/standard gap assessments for management.
Assess knowledge and behavior gaps to build, deliver, and support information security awareness assessments and communication activities.
Identify process gaps and support process improvement.
Mentor and consult with the Information Security Services Team and fellow OIT Team members.