Hi
Please find my direct client job requirement for your consideration.
Title: network security
Location: Raleigh, NC
Duration : 12 Months
Client: State of North Carolina
Job Description
The NCDIT-Transportation Information Security Office requires a senior information security architect specializing in risk assessment and technical consultation, focusing on industry standard security, risk, and compliance, especially PCI-DSS and NIST.
***The candidate will be allowed to work remotely until all staff return to site. At that point the candidate will be required to come onsite.
***The candidate will need to come onsite the first day to collect equipment.
The NCDIT-Transportation Information Security Office (ISO) requires a senior information security architect analyst specializing in risk assessment and business technical consultation. This architect resource will consult on multiple projects to recommend security best practices, develop architectures and hardening guides, and review and evaluate solutions against relevant risk frameworks and regulations. This resource will provide information security policy, process, procedure and application consulting to the NCDIT-Transportation Information Security Office and project support. This position will be an NCDIT-Transportation Information Security Business Architect (ISBA) supporting project consulting. This resource will assist PCI-DSS compliance activities for NCDOT. This resource should possess senior information security technical skillsets as well as senior soft skills as this resource will interface with IT and business leaders across the agency. This resource should possess senior skillsets in preparing reports and presentations to senior management, program/project management and related staff on the recommendations, issues and status of any given IT information security aspect of a project or initiative. This resource must have extensive advanced information security practitioner experience with hands-on experience implementing and operating a suite of standard information security technologies such as but not limited to firewalls, IDS/IPS, SIEM and network traffic capture and analysis. The position will require extensive experience and knowledge of information security frameworks such as ISO 27001, NIST 800-53 and other standards such as PCI-DSS, FISMA, OWASP, FedRAMP, and federal law and NC General Statute. This position will benefit from familiarity and experience with IT architecture frameworks and methodologies such as SABSA and TOGAF.
| | | Skill | Required / Desired | Amount | of Experience |
| Progressive advanced experience as an IT information security professional working within an enterprise environment. | Required | 10 | Years | |
| Hands-on experience implementing, administrating and operating technologies such as firewalls, IDS/IPS, SIEM, antivirus, network traffic analyzers | Required | 10 | Years | |
| | | | | | | | | |
| Detailed technical experience with network security, security protocols, access control, cryptography, application security, and data protection. | Required | 10 | Years |
| Extensive experience with data classification, handling, assessment, and enforcement. | Required | 10 | Years |
| Experience implementing and supporting systems within enterprise-class data center environments. | Required | 10 | Years |
| Advanced knowledge of regulatory compliance including, but not limited to: OWASP, ISO, NIST, FISMA, PCI-DSS, HIPAA and IRS-1075. | Required | 10 | Years |
| Experience leading risk assessments using industry standard frameworks such as ISO or NIST for complex IT projects and technologies. | Required | 5 | Years |
| Experience leading or directly supporting PCI-DSS annual assessment and evidence gathering, familiarity with PCI-DSS 3.2 or higher. | Required | 3 | Years |
| CISSP information security certification. | Required | | |
| Specific experience implementing, administrating, or operating Tenable Nessus. | Highly desired | 2 | Years |
| Specific experience implementing, administrating, operating or utilizing IBM Qradar SIEM | Highly desired | 2 | Years |
| Experience consulting on information security solutions for a state or federal agency. | Required | 2 | Years |
| Experience developing, leading and executing information security incident response plans. | Required | 5 | Years |
| Experience developing and implementing information security policy, standards and procedures. | Required | 5 | Years |
| Experience implementing and operating enterprise class data networking solutions | Highly desired | 5 | Years |
| Experience implementing and operating enterprise class server and storage systems | Highly desired | 5 | Years |
| Detailed expert knowledge of NIST 800-53, and performing risk assessments utilizing NIST 800-53. | Required | 5 | Years |
| Detailed expert knowledge of ISO 27001, and performing risk assessments utilizing ISO 27001 | Required | 2 | Years |
| Detailed expert knowledge of the NIST Cyber Security Framework (CSF), and performing risk assessments utilizing the NIST CSF. | Required | 2 | Years |
| Familiarity and experience with the Department of Homeland Security (DHS) Cyber Security Evaluation Tool (CSET). | Highly desired | 2 | Years |
| Strong knowledge and experience architecting/designing implementations, configuring, and risk assessing AWS and Azure cloud computing environments. | Required | 3 | Years |
| Experience consulting on information security and IT solutions for a state motor vehicles agency or department of transportation. | Highly desired | | |
| Experience performing risk assessments, documenting and driving compliance with the North Carolina DIT Statewide Information Security Manual. | Highly desired | | |
| Experience completing NC Department of Information Technology Privacy Threshold Analysis (PTA) documentation. | Highly desired | | |
| Experience completing NC Department of Information Technology Vendor Readiness Assessment Report (VRAR) documentation. | Highly desired | | |
| Experience providing research and evidence in support of audits. | Required | 5 | Years |
| Trained and experience implementing and operating with ITIL (formerly Information Technology Infrastructure Library) concepts. | Highly desired | | |
| ITIL (formerly Information Technology Infrastructure Library) certification. | Nice to have | | |
| Familiarity and practical experience with SABSA or TOGAF enterprise architecture frameworks and methodologies. | Highly desired | | |
| SABSA or TOGAF certification. |
| Progressive advanced experience as an IT information security professional working within an enterprise environment. | Required | 10 | Years |
| Hands-on experience implementing, administrating and operating technologies such as firewalls, IDS/IPS, SIEM, antivirus, network traffic analyzers | Required | 10 | Years |
| Detailed technical experience with network security, security protocols, access control, cryptography, application security, and data protection. | Required | 10 | Years |
| Extensive experience with data classification, handling, assessment, and enforcement. | Required | 10 | Years |
| Experience implementing and supporting systems within enterprise-class data center environments. | Required | 10 | Years |
| Advanced knowledge of regulatory compliance including, but not limited to: OWASP, ISO, NIST, FISMA, PCI-DSS, HIPAA and IRS-1075. | Required | 10 | Years |
| Experience leading risk assessments using industry standard frameworks such as ISO or NIST for complex IT projects and technologies. | Required | 5 | Years |
| Experience leading or directly supporting PCI-DSS annual assessment and evidence gathering, familiarity with PCI-DSS 3.2 or higher. | Required | 3 | Years |
| CISSP information security certification. | Required | | |
| Specific experience implementing, administrating, or operating Tenable Nessus. | Highly desired | 2 | Years |
| Specific experience implementing, administrating, operating or utilizing IBM Qradar SIEM | Highly desired | 2 | Years |
| Experience consulting on information security solutions for a state or federal agency. | Required | 2 | Years |
| Experience developing, leading and executing information security incident response plans. | Required | 5 | Years |
| Experience developing and implementing information security policy, standards and procedures. | Required | 5 | Years |
| Experience implementing and operating enterprise class data networking solutions | Highly desired | 5 | Years |
| Experience implementing and operating enterprise class server and storage systems | Highly desired | 5 | Years |
| Detailed expert knowledge of NIST 800-53, and performing risk assessments utilizing NIST 800-53. | Required | 5 | Years |
| Detailed expert knowledge of ISO 27001, and performing risk assessments utilizing ISO 27001 | Required | 2 | Years |
| Detailed expert knowledge of the NIST Cyber Security Framework (CSF), and performing risk assessments utilizing the NIST CSF. | Required | 2 | Years |
| Familiarity and experience with the Department of Homeland Security (DHS) Cyber Security Evaluation Tool (CSET). | Highly desired | 2 | Years |
| Strong knowledge and experience architecting/designing implementations, configuring, and risk assessing AWS and Azure cloud computing environments. | Required | 3 | Years |
| Experience consulting on information security and IT solutions for a state motor vehicles agency or department of transportation. | Highly desired | | |
| Experience performing risk assessments, documenting and driving compliance with the North Carolina DIT Statewide Information Security Manual. | Highly desired | | |
| Experience completing NC Department of Information Technology Privacy Threshold Analysis (PTA) documentation. | Highly desired | | |
| Experience completing NC Department of Information Technology Vendor Readiness Assessment Report (VRAR) documentation. | Highly desired | | |
| Experience providing research and evidence in support of audits. | Required | 5 | Years |
| Trained and experience implementing and operating with ITIL (formerly Information Technology Infrastructure Library) concepts. | Highly desired | | |
| ITIL (formerly Information Technology Infrastructure Library) certification. | Nice to have | | |
| Familiarity and practical experience with SABSA or TOGAF enterprise architecture frameworks and methodologies. | Highly desired | | |
| SABSA or TOGAF certification. |
If Interested, please provide me below information:
· Full Name:
· Email ID:
· Contact:
· SSN last 4:
· Address:
· Availability:
· Availability for Interview:
· Visa Status:
· no:
· LinkedIn ID:
· Visa Expiry date (MM/DD/YYYY):
· Relocation:
· Rate:
Professional Reference :1
· Full Name :
· Company Name :
· Title :
· Telephone :
· Email id :