Security Analyst (PCI/NIST)
Company: DatamanUSA, LLC
Posted on: January 14, 2019
DatamanUSA is a rapidly growing full service technical consulting and talent management company headquartered in Centennial, CO. We provide expertise in ERP, Software Implementation, Business Process Optimization, Management Consulting, Project Management, Managed Services, and General IT Support for both commercial and government organizations. Currently, we are looking for a qualified individual to work as Security Analyst for one of our Direct Client in Clemson, SCScope of the project:
- Evaluates existing and planned technology environments of the agency, vendors and other partners, for compliance with information security policies and standards. Recommends information security measures and practices, in context of the agency's business goals, to safeguard information assets in accordance with applicable federal, state, agency and industry policies, standards and best-practices. Participates in reviews and updates of security policies, standards, procedures; and of the employee security awareness program. Contributes to creation and maintenance of security communications, information sharing and other documentation necessary to perform the functions of the CISO division of the agency.
- Knowledge of security administration in one or more of the following areas of technology: network devices, workstations, servers, storage technology, security instrumentation. Ability to write detailed security documentation on technical security assessments, policies and procedures. Analytical and problem solving skills. Knowledge and understanding of information risks concepts and principles as a means of relating business needs and security controls. Ability to communicate with audiences with varying levels of technical knowledge. Ability to establish and maintain effective working relationships to effectively perform job duties that by their nature create tension. Knowledge of project management. Daily duties / responsibilities:
- Security reviews of new projects & technology changes -- evaluates new information technology projects and proposed changes to existing technology for compliance with security policies and standards. Works in a collaborative fashion with project stakeholders to make recommendations that help achieve business and functional goals, while meeting security requirements. Conducts security reviews in accordance with established it and security processes.
- Periodic/cyclical compliance assessments -- prepares security plans and performs periodic/cyclical security assessments and risk assessments of the agency, vendors and other partners in accordance with security policies and standards, in a manner that provides an accurate representation of the security posture of the entity being evaluated. Documents plans, assessments, reviews and results in the form of system security plans, system security assessments, risk assessments, subject-matter reviews, findings, authorizations-to-operate and other documentation specified by policies and procedures. Assists with the preparation of documentation that is required to be submitted to external authorities, including irs, pci dss and state authorities. Conducts assessments in accordance with established schedule goals and requirements.
- Security Process Administration -- Administers And Maintains Documentation, Communication Methods And Artifacts Necessary To Perform The Functions Of The Ciso Division Of The Agency, Including Reports, Metrics, Procedures, Sharepoint Sites, Shared Drives, Etc
- Security program updates -- reviews and recommends updates to security policies, standards, procedures and security awareness programs. Reads and researches to remain knowledgeable and current with changes to external requirements such as irs, pci dss, state policies and industry best-practices. Recommends areas in which new security procedures are needed. Writes or contributes to writing new security procedures. Required skills (rank in order of importance):
- Ability to install and use various security tools
- Application security
- Experience in projects involving pci/nist security implementations and/or audits
- Information security principles and practices
- IRS safeguard computer security evaluation matrix (scsem)
- IT security
- National institute of standards and technology controls
- Risk/vulnerability assessments
- Security - knowledge in networking, databases, systems and web operations
- SSP Required education/certifications:
- Bachelor Degree In Technology Field: OR At least 10 years of experience specific to security. - provided by Dice Security Analyst, security tools, Application Security, PCI/NIST, IRS Safeguard Computer Security Evaluation Matrix (SCSEM), Malware, SSP, Information Security, CISO, Documentation
Keywords: DatamanUSA, LLC, Columbia , Security Analyst (PCI/NIST), Professions , Columbia, South Carolina
Didn't find what you're looking for? Search again!