NEW JOB OPENING
SECURITY COMPLIANCE ANALYST
IN Vacaville, CA, USA!

DELIVERABLES OR TASKS:

The tasks for the Security Analyst include, but are not limited to, the following:

1. Conduct the most complex Risk Assessments (RAs)

2. Provide in depth security knowledge and consultation when analyzing security risks (e.g., analyzing security related reports; evaluating security risks impacting Client; and making recommendations to all Client's programs including Enterprise Procurement)

3. Develop and maintain security policies and standards based on security frameworks and industry standards including the identification of risk rating for each security control

4. Train/mentor new/existing ESEC team members on RAs/BRDs/TDDs/security defects (e.g., identify applicable security risks and mitigating controls; review for adherence to the System Engineering Handbook/Security Policies & Standards)

5. Develop/maintain procedures (e.g., RA/BRD/TDD/security defects)

6. Perform analysis on the most complex Security Incident Response (SIR) tickets as needed

7. Attend meetings/Represent Information Security for all security matters

8. Act as Lead/Co-Lead/Backup on assigned Information Security projects

9. Other duties, to be assigned as needed.





TECHNICAL KNOWLEDGE AND SKILLS:

Five (5) years of information technology experience, including two (2) years of lead/management experience performing a variety of progressively responsible technical and analytical work.

Minimum of 5+ years of security practices

1. Technical security project management skills.

2. Working experience using best practices standards and frameworks: ISO 27001/27002, PCI:DSS V4; GLBA; HIPPA/HITECH; NIST 800-53; CIS CONTROLS, NIST CSF, CIS RAM

3. WORKING EXPERIENCE, at a minimum:

• HARDWARE: Networks switches, routers, load balancers, servers, storage systems, end-user systems, mobile devices, or other devices that enable the organization to complete its mission

• OPERATING SYSTEMS: UNIX, LINUX, WINDOWS o NETWORK: LAN, WAN, INTERNET, PROXY/FILTERING, FIREWALL, VPN, DMZ

• Network protocols such as TCP/IP, SNMP, SMTP, NTP, DNS, LDAP, NFS, SAMBA, ETC.

• DATABASES: ORACLE, SQL, MYSQL

• CLOUD PLATFORMS: IAAS, PAAS, SAAS

• Security concepts such as Encryption, Hardening, etc.

• SECURITY GRC

• ACTIVE DIRECTORY

• Programming Languages are a plus



PROFESSIONAL SKILLS:

The Consultant resources(s) shall possess most of the following skills:

• Strong analytical and critical thinking skills

• Excellent written and oral communication skills to effectively communicate across all levels of the organization

• Proven ability to present to a Senior Management Level and Executive audience

• Working experience of security, policy compliance, and governance frameworks including the NIST-800 series, PCI, ISO 27001/27001, ITIL, and COBIT

• Expert knowledge in security project management practices

• Self-motivated/Self-Starter/Proactive, working closely and actively communicating with team members to accomplish time critical tasks and deliverables

• Working experience in a highly regulated environment and managing information risks and expectations across multiple stakeholder groups

• Working experience of emergent security risks

• Convey and explain complex problems and solutions in an understandable language to both technical and non-technical persons

• Think creatively and critically, analyzing complex problems, weighing multiple solutions, and carefully selecting solutions appropriate to the business needs, project scope, and available esources

• Take responsibility for the integrity of the solution

• Ability to be a strategic thinker

• Demonstrated ability to influence others

• Experience in managing multiple projects

• 5+ Years’ experience in information security

• CISA, CISM, and/or CISSP Certification is required



CORE COMPETENCIES:

• Act with integrity

• Use sound judgement

• Commitment to quality

• Demonstrate adaptability

• Innovate

• Think strategically

• Communicate effectively and influence others

• Work well both independently and as part of a team

• **Only those lawfully authorized to work in the designated country associated with the position will be considered.**

• **Please note that all Position start dates and duration are estimates and may be reduced or lengthened based upon a client’s business needs and requirements.**