Responsibilities:
Analyze complex, enterprise environments from an information security perspective
Evaluate organizations against multiple best practice control frameworks, vertical-specific requirements, or federal/state regulations:
– ISO 27001/2
– HIPAA
– PCI/DSS
– COBIT
– NERC/CIP
– FISMA/NIST
– FFIEC
Develop comprehensive information security documentation:
– Policies
– Standards
– Guidelines
– Procedures
Conduct assessments of (or build) Business Continuity Programs, based on best practices
Conduct physical security assessments of data centers and other facilities
Conduct risk assessments of business processes and supporting applications, including:
– determining inherent risk
– evaluating the existence of controls that help reduce risk
– determining residual risk and risk treatment plans
Conduct assessments against (or develop) vulnerability and threat management programs
Work with senior-level stakeholders (managers, directors and CISOs) to provide strategic information security guidance
Qualifications:
• Bachelor’s degree in Business, IT or related field or equivalent experience
• 7+ years of IT technical/security experience
• Information security certification; one of the following (CISSP, CISM, CISA or CRISC)
• Strong ability to articulate business risks of technical issues to client personnel
• Identify and communicate assessment findings to client personnel
• Recognize performance improvement opportunities for client
• Ability to deal with both technical and non-technical client personnel
• Solid understanding of best practice control frameworks and regulatory requirements:
o HIPAA/HITECH
o ISO 27001/2
o ISO 27005
o PCI/DSS
o GLBA / FFIEC Audit handbook
• Knowledge of core Information Security concepts related to Governance, Risk & Compliance
• Strong analytical / problem-solving skills
• Broad knowledge of infrastructure (network and servers), services and security policies
• Demonstrated understanding of internal security controls
• Proven ability to assess risks and controls and identify opportunities for improvement
• Demonstrated initiative and commitment to results and the ability to set priorities and manage multiple concurrent projects
• Demonstrated ability to work in a team environment
• Expert knowledge of information security topics, system architecture and Internet technology
• Excellent communication skills, both written and verbal, are required
• Ability to act independently and exercise good judgment, as well as the ability to work cross-functionally and create virtual teams, is essential
• Ability to prioritize and manage multiple tasks
-Offer 100% paid health and dental. T
-This is a permanent opening with a salary in the range of 110-115K, depending on the individual.
Contact Information:
Ryan Mac Donald
Senior Staffing Consultant
Midwest Consulting Group
913-693-8200 (Office)
913-522-0179 (Cell)
ryanm@mcginfo.com
Midwest Consulting Group partial list of technical openings:
https://ryanmacdonald1.wordpress.com/