in IS risk assessments and security controls. Responsibilities include
assessment, analysis and review of applications, systems tools, and
infrastructure. Requires experience in effectively & efficiently
interviewing/communicating with IS personnel and application owners to assess
risk, identify weaknesses, and provide solutions to resolve weaknesses. Responsibilities
include documenting application/system processes, data flows, inputs &
outputs for mainframe, middleware and distributed environments. Effectively
address exceptions to standards and guidelines. Track progress of projects and
assignments by developing/updating reports.
Experience and knowledge in:
- Application Development Security
- Access Control
- Telecommunications and Network Security
- Corporate Policy and Standards
- Legal, Regulatory and Industry Compliance
- Business Continuity and Disaster Recovery
regulatory requirements, industry standards and best practices is critical -
COBIT, ISO Standards, GLBA, SOX 404, PCI Compliance, HIPAA and others.
Candidates are required to hold industry-recognized certifications - CISSP, CISA,
Projects range from
short (10 hours) to more extensive (140 hours) over the course of
months. Applicants must be able to manage multiple, concurrent assignments and
tasks and shifting priorities. Strong verbal and written skills are
critical, as is strong project management.
Knowledge of one or more of the following is a plus: securing and
developing standards for Windows and Unix/Linux servers; securing virtual
computing environments; Microsoft Active Directory; PKI.
Use of standard email and desktop tools such as Microsoft Word, Excel, and
PowerPoint is a requirement.