The client requires a senior information security architect analyst specializing in risk assessment and business technical consultation. This architect resource will consult on multiple projects to recommend security best practices, develop architectures and hardening guides, and review and evaluate solutions against relevant risk frameworks and regulations.
This resource should possess senior information security technical skillsets as well as senior soft skills as this resource will interface with IT and business leaders across the agency. This resource should possess senior skillsets in preparing reports and presentations to senior management, program/project management, and related staff on the recommendations, issues, and status of any given IT information security aspect of a project or initiative. This resource must have extensive advanced information security practitioner experience with hands-on experience implementing and operating a suite of standard information security technologies such as but not limited to firewalls, IDS/IPS, SIEM, and network traffic capture and analysis.
The position will require extensive experience and knowledge of information security frameworks such as ISO 27001, NIST 800-53, and other standards such as PCI- DSS, FISMA, OWASP, and law, and General Statute. This position will benefit from familiarity and experience with IT architecture frameworks and methodologies such as SABSA and TOGAF.
Desired Skills
- Progressively advanced experience as an IT information security professional working within an enterprise environment
- Hands-on experience implementing, administrating, and operating technologies such as firewalls, IDS/IPS, SIEM, Antivirus, Network Traffic Analyzers
- Experience leading PCI-DSS annual assessment and evidence gathering, familiarity with PCI- DSS 3.2 or higher
- Experience leading risk assessments using industry-standard frameworks such as ISO or NIST for complex IT projects and technologies
- Familiarity and practical experience with SABSA or TOGAF enterprise architecture frameworks and methodologies
- Advanced knowledge of regulatory compliance including, but not limited to OWASP, ISO, NIST, FISMA, PCI-DSS, HIPAA and IRS-1075
- CISSP, GSEC, CEH, Security+ or similar information security certification
- SABSA or TOGAF certification
- Specific experience implementing, administrating, or operating Tenable Nessus
- Specific experience implementing, administrating, or operating IBM Qradar SIEM
- Experience consulting on information security and IT solutions .
- Experience developing, leading, and executing information security incident response plans
- Experience developing and implementing an information security policy, standards, and procedures.
- Experience implementing and operating enterprise-class data networking solutions
- Experience implementing and operating enterprise-class server and storage systems
- Experience implementing and supporting systems within enterprise-class data center environments
- Advanced experience performing risk assessments against NIST 800-53
- Experience consulting on information security.