Security Compliance Analyst Job at LogiX-Guru in Pleasanton
LogiX-Guru, Pleasanton, CA, United States
Our client in California is seeking a Security Compliance Analyst to join their team on a long-term contract basis. No third-parties Location - Remote in CA but need to be able to go to Vacaville, CA or Pleasanton, CA office as needed, a few times a month Deliverables or Tasks: The tasks for the Security Analyst include, but are not limited to, the following: Conduct the most complex Risk Assessments (RAs) Provide in depth security knowledge and consultation when analyzing security risks (e.g., analyzing security related reports; evaluating security risks impacting Client; and making recommendations to all Client programs including Enterprise Procurement) Develop and maintain security policies and standards based on security frameworks and industry standards including the identification of risk rating for each security control Train/mentor new/existing ESEC team members on RAs/BRDs/TDDs/security defects (e.g., identify applicable security risks and mitigating controls; review for adherence to the System Engineering Handbook/Security Policies & Standards) Develop/maintain procedures (e.g., RA/BRD/TDD/security defects) Perform analysis on the most complex Security Incident Response (SIR) tickets as needed Attend meetings/Represent Information Security for all security matters Act as Lead/Co-Lead/Backup on assigned Information Security projects Other duties, to be assigned as needed. Mentoring & Skill Enhancement: Mentoring and Skills Enhancement of Client employees by Supplier Personnel resources are considered an integral part of this engagement. Supplier Personnel will work in a collaborative fashion with Client Contract Executive to create and provide a specific training to designated Client employees in those areas of Client's systems in which the Supplier Personnel has knowledge and expertise. Supplier Personnel will make every effort to provide skills enhancement at a satisfactory rate and report any issues that may impede the progress of training and mentoring. Supplier Personnel resources shall provide input to Contract Executive to develop training and mentoring plan to include specific skill sets, tasks, and training methodologies. Supplier Personnel will be responsible to execute the training and mentoring plan(s) with designated Client employees and shall provide input to refine and further develop training and mentoring plans as training progresses. Supplier Personnel shall meet and discuss progress of training to Client on a monthly basis. Client Contract Executive will be responsible to document a training plan on the "Mentoring & Skill Enhancement Planner" and to monitor progress of training and mentoring with the Client employee(s). The Mentoring & Skill Enhancement Tracker and Planner are provided as Attachment C to this SOW. Resource Requirements, Skills, Knowledge and Abilities: Supplier shall ensure that all resources assigned to the project have the minimum skills requirement to render the services in a competent and efficient manner. Technical Knowledge and Skills: Five (5) years of information technology experience, including two (2) years of lead/management experience performing a variety of progressively responsible technical and analytical work. Minimum of 5 years of security practices Technical security project management skills. Working experience using best practices standards and frameworks: ISO 27001/27002, PCI:DSS V4; GLBA; HIPPA/HITECH; NIST 800-53; CIS CONTROLS, NIST CSF, CIS RAM WORKING EXPERIENCE, at a minimum: HARDWARE: Networks switches, routers, load balancers, servers, storage systems, end-user systems, mobile devices, or other devices that enable the organization to complete its mission OPERATING SYSTEMS: UNIX, LINUX, WINDOWS o NETWORK: LAN, WAN, INTERNET, PROXY/FILTERING, FIREWALL, VPN, DMZ Network protocols such as TCP/IP, SNMP, SMTP, NTP, DNS, LDAP, NFS, SAMBA, ETC. DATABASES: ORACLE, SQL, MYSQL CLOUD PLATFORMS: IAAS, PAAS, SAAS Security concepts such as Encryption, Hardening, etc. SECURITY GRC ACTIVE DIRECTORY Programming Languages are a plus Professional Skills: The Consultant resources(s) shall possess most of the following skills: Strong analytical and critical thinking skills Excellent written and oral communication skills to effectively communicate across all levels of the organization Proven ability to present to a Senior Management Level and Executive audience Working experience of security, policy compliance, and governance frameworks including the NIST-800 series, PCI, ISO 27001/27001, ITIL, and COBIT Expert knowledge in security project management practices Self-motivated/Self-Starter/Proactive, working closely and actively communicating with team members to accomplish time critical tasks and deliverables Working experience in a highly regulated environment and managing information risks and expectations across multiple stakeholder groups Working experience of emergent security risks Convey and explain complex problems and solutions in an understandable language to both technical and non-technical persons Think creatively and critically, analyzing complex problems, weighing multiple solutions, and carefully selecting solutions appropriate to the business needs, project scope, and available resources Take responsibility for the integrity of the solution Ability to be a strategic thinker Demonstrated ability to influence others Experience in managing multiple projects 5 Years' experience in information security CISA, CISM, and/or CISSP Certification is required Core Competencies: Act with integrity Use sound judgement Commitment to quality Demonstrate adaptability Innovate Think strategically Communicate effectively and influence others Work well both independently and as part of a team Project Background and Information Current situation or condition: The Security Consultant will assist Enterprise Security in the management, development, and implementation of assigned security projects in accordance with Security Best Practices.