This job ad was posted over 40 days ago.


Contract Certified Information Security Professional

at RMS Computer Corporation in New York | NY Jobs

Location: New York, NY
Area Code: 212

Type: Contract
Location: New York City
Start Date: Approx. December 2, 2013
Duration: 1-2 Years

The Information Security Professional will primarily be responsible for creating and formalizing the agency Enterprise Risk Management (ERM) program in support of completing the Information Security Governance initiative. The selected candidate will also be responsible for creating an executive reporting standard utilizing a Security Information and Event Management (SIEM) solution.
The Information Security Professional will work under the direct supervision of the CISO to interface with all business and IT users to create and document a standard risk management framework that identifies and mitigates agency risks across all business platforms.

Duties will include risk assessments and analysis of system vulnerabilities on the agency network and business systems, assurance metrics on identified risk indicators, and maintaining and updating the agency risk register.
The Information Security Professional must be available to work a minimum of 35 hours per week.
Candidates must meet all the requirements below to be considered for the Certified Information Security Professional position.
Minimum of five (5) years' experience as an Information Security Professional.

Certification as a Certified Information Systems Security Professional (CISSP) and a Certified Information Security Manager (CISM) with either one of the following: Certified Risk & Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Secure Software Lifecycle Professional (CSSLP) or SANS GIAC (ISO-27001 preferred, but not required) certified.
Possess strong business acumen with excellent communication skills. Must have good presentation skills and be comfortable communicating with mid-level and executive management. Strong documentation skills in policy and standards writing in addition to operational procedures. Must have conceptual skills to demonstrate complicated examples with visual illustrations for non-IT users.

Experience with Windows, Linux, UNIX and Citrix Thin Client environment. Ability to recommend Operating System hardening for all environments and systems. Expert Active Directory security experience is required.
Possess a broad knowledge of information security system controls (e.g. CISSP certified) and knowledge to identify technical, operational and business risks.
Able to multi-task, be proactive in project planning and requirements gathering, and capable of setting priorities based on impact and risk to the business without supervision.

Excellent interpersonal skills including negotiation, problem resolution and customer service.
Must have experience with Data Leakage Prevention, Endpoint Security, Intrusion Prevention Systems, Integrity Controls, Encryption, Access Controls, Incident Response Procedures, Log Management, and Security Architecture & Design.
Experience presenting security proposals to senior management and the ability to present complex ideas clearly and persuasively.
Prior experience as an Information Security Manager or Director of Information Security.
Prior and proven experience in Information Security with a focus on Enterprise Risk Management and Compliance.

Role: The Information Security Professional must align and document risk management expertise as it pertains to the business and IT operations; act as a subject matter expert (SME) on risk assessment, analysis and remediation. There are 18 security domains contained in the Information Security Management Program.

Objective: The Information Security Professional will aid in the establishment of a formal Enterprise Risk Management program and document the agency IT Security Governance and Compliance framework.

Deliverables: The Information Security Professional is responsible for the following:
o Complete the Information Security Operations and IT Standards documentation.
o Standardize and document the agency Enterprise Risk Management plan.
o Identify critical assets, risk owners, remediation strategies and document in the agency risk register.
o Execute and certify the Enterprise Risk Management Program.
o Create an executive dashboard for reporting metrics, Key Risk Indicators and Key Performance Indicators for identified critical business systems using a SIEM solution.
Reply to:

RMS Computer Corporation
1185 6th Ave.
36th Floor
New York, NY 10036
Phone: 212.840.8666
Alt. phone: 888.522.5576
Fax: 212.768.7188

Published at 13-01-2014