Crescens
Security Architect
Crescens, Raleigh, North Carolina, United States, 27601
Job Title: Security ArchitectDuration: 12 MonthsLocation: Raleigh, NC-Initially RemoteNote:
The candidate will be allowed to
work remotely until all staff may be required to return to site . At that point the
candidate may be required to come onsite .The candidate will
need to come onsite the first day to collect equipment .Job Description:The Client requires a contract information security specialist (expert) architect/analyst resource to provide compliance program development, leadership, and management for client business, in addition to information security policy, standards, process, procedure, and application consulting.
This position will be an client Information Security Business Architect (ISBA, working title) dedicated primarily to support overall ISO Compliance Program development and management which can include, but is not limited to, compliance program components such as annual compliance reporting, Client Payment Card Industry (PCI-DSS), audit support, 3rd party, overall security, cloud, and identity compliance. This position will also deliver project consulting focused on information security compliance and assessment of data handled by client applications, systems, and third parties.This staff will lead ongoing PCI-DSS compliance maintenance and annual assessment functions. This staff will be responsible for identity, cloud, and overall agency IT security compliance leadership. To maintain adequate security posture and respond to security consulting needs, the ISO must have additional staff to support ISO project workload demand.The recruitment of this scarce resource is a top priority to maintain client's security compliance and risk management.Required Skills:
Current or prior role as a PCI-DSS Qualified Security Assessor (QSA) or PCI-DSS Internal Security Assessor (ISA) -Highly desiredExperience leading or directly supporting PCI-DSS annual assessment for a L1 or L2 merchant, familiarity with PCIDSS 3.2 or higher.Strong knowledge and experience architecting/designing implementations, configuring, and risk assessing AWS and/or Azure cloud computing environments.Progressive advanced experience as an IT information security professional working within an enterprise environment.Hands-on experience implementing, administrating and operating technologies such as firewalls, IDS/IPS, SIEM, antivirus, network traffic analyzersDetailed technical experience with network security, security protocols, access control, cryptography, application security, and data protection.Extensive experience with data classification, handling, assessment, and enforcement.Experience implementing and supporting systems within enterprise-class data center environments.Advanced knowledge of regulatory compliance including, but not limited to: OWASP, ISO, NIST, FISMA, PCI-DSS, HIP nd IRS-1075.Experience leading risk assessments using industry standard frameworks such as ISO or NIST for complex IT projects and technologies.Experience developing, leading and executing information security incident response plans.Experience developing and implementing information security policy, standards and procedures.Experience providing research and evidence in support of auditsCISSP information security certification -Highly desiredSpecific experience implementing, administrating, or operating Tenable Nessus- Highly desiredSpecific experience implementing, administrating, operating or utilizing IBM Qradar SIEM -Highly desiredExperience consulting on information security solutions for a state or federal agency- Highly desiredExperience implementing and operating enterprise class data networking solutions -Highly desiredExperience implementing and operating enterprise class server and storage systems -Highly desiredDetailed expert knowledge of NIST 800-53, and performing risk assessments utilizing NIST 800- 53- Highly desiredDetailed expert knowledge of ISO 27001, and performing risk assessments utilizing ISO 27001 -Highly desiredDetailed expert knowledge of the NIST Cyber Security Framework (CSF), and performing risk assessments utilizing the NIST CSF- Highly desiredFamiliarity and experience with the Department of Homeland Security (Client) Cyber Security Evaluation Tool (CSET)- Highly desiredExperience consulting on information security and IT solutions for a state motor vehicles agency or department of transportation- Highly desiredExperience performing risk assessments, documenting and driving compliance with the North Carolina DIT Statewide Information Security Manual- Highly desiredExperience completing NC Department of Information Technology Privacy Threshold Analysis (PTA) documentation- Highly desiredExperience completing NC Department of Information Technology Vendor Readiness Assessment Report (VRAR) documentation- Highly desiredTrained and experience implementing and operating with ITIL (formerly Information Technology Infrastructure Library) concepts -Highly desiredITIL (formerly Information Technology Infrastructure Library) certification -Nice to haveFamiliarity and practical experience with SABSA or TOGAF enterprise architecture frameworks and methodologies- Highly desiredSABSA or TOGAF certification
-Nice to have.
The candidate will be allowed to
work remotely until all staff may be required to return to site . At that point the
candidate may be required to come onsite .The candidate will
need to come onsite the first day to collect equipment .Job Description:The Client requires a contract information security specialist (expert) architect/analyst resource to provide compliance program development, leadership, and management for client business, in addition to information security policy, standards, process, procedure, and application consulting.
This position will be an client Information Security Business Architect (ISBA, working title) dedicated primarily to support overall ISO Compliance Program development and management which can include, but is not limited to, compliance program components such as annual compliance reporting, Client Payment Card Industry (PCI-DSS), audit support, 3rd party, overall security, cloud, and identity compliance. This position will also deliver project consulting focused on information security compliance and assessment of data handled by client applications, systems, and third parties.This staff will lead ongoing PCI-DSS compliance maintenance and annual assessment functions. This staff will be responsible for identity, cloud, and overall agency IT security compliance leadership. To maintain adequate security posture and respond to security consulting needs, the ISO must have additional staff to support ISO project workload demand.The recruitment of this scarce resource is a top priority to maintain client's security compliance and risk management.Required Skills:
Current or prior role as a PCI-DSS Qualified Security Assessor (QSA) or PCI-DSS Internal Security Assessor (ISA) -Highly desiredExperience leading or directly supporting PCI-DSS annual assessment for a L1 or L2 merchant, familiarity with PCIDSS 3.2 or higher.Strong knowledge and experience architecting/designing implementations, configuring, and risk assessing AWS and/or Azure cloud computing environments.Progressive advanced experience as an IT information security professional working within an enterprise environment.Hands-on experience implementing, administrating and operating technologies such as firewalls, IDS/IPS, SIEM, antivirus, network traffic analyzersDetailed technical experience with network security, security protocols, access control, cryptography, application security, and data protection.Extensive experience with data classification, handling, assessment, and enforcement.Experience implementing and supporting systems within enterprise-class data center environments.Advanced knowledge of regulatory compliance including, but not limited to: OWASP, ISO, NIST, FISMA, PCI-DSS, HIP nd IRS-1075.Experience leading risk assessments using industry standard frameworks such as ISO or NIST for complex IT projects and technologies.Experience developing, leading and executing information security incident response plans.Experience developing and implementing information security policy, standards and procedures.Experience providing research and evidence in support of auditsCISSP information security certification -Highly desiredSpecific experience implementing, administrating, or operating Tenable Nessus- Highly desiredSpecific experience implementing, administrating, operating or utilizing IBM Qradar SIEM -Highly desiredExperience consulting on information security solutions for a state or federal agency- Highly desiredExperience implementing and operating enterprise class data networking solutions -Highly desiredExperience implementing and operating enterprise class server and storage systems -Highly desiredDetailed expert knowledge of NIST 800-53, and performing risk assessments utilizing NIST 800- 53- Highly desiredDetailed expert knowledge of ISO 27001, and performing risk assessments utilizing ISO 27001 -Highly desiredDetailed expert knowledge of the NIST Cyber Security Framework (CSF), and performing risk assessments utilizing the NIST CSF- Highly desiredFamiliarity and experience with the Department of Homeland Security (Client) Cyber Security Evaluation Tool (CSET)- Highly desiredExperience consulting on information security and IT solutions for a state motor vehicles agency or department of transportation- Highly desiredExperience performing risk assessments, documenting and driving compliance with the North Carolina DIT Statewide Information Security Manual- Highly desiredExperience completing NC Department of Information Technology Privacy Threshold Analysis (PTA) documentation- Highly desiredExperience completing NC Department of Information Technology Vendor Readiness Assessment Report (VRAR) documentation- Highly desiredTrained and experience implementing and operating with ITIL (formerly Information Technology Infrastructure Library) concepts -Highly desiredITIL (formerly Information Technology Infrastructure Library) certification -Nice to haveFamiliarity and practical experience with SABSA or TOGAF enterprise architecture frameworks and methodologies- Highly desiredSABSA or TOGAF certification
-Nice to have.