This job is responsible for maintaining solid knowledge of IT Security and Compliance concepts around industry regulations and standards, controls, audit requirements, compliance, identity management, development, and IT infrastructure.
Focusing on all aspects of Technical Compliance, Policy and Governance, and Information Assurance (IA). We will be building out new programs and driving up the maturity in all Information Security disciplines.
Perform vulnerability and risk assessments on Information Systems to ensure they are in compliance with security standards and measures, utilizing Assured Compliance Assessment Solution (ACAS) and Nessus Scanner.
Collect and organize required evidence for NERC CIP compliance, such as network diagrams, access controls, ports and services, physical port security, malicious code prevention, security event monitoring, account management, and baseline components.
Responsible for gathering customer requirements, preparing and managing detailed functional specifications, working with developers to ensure the solution meets business needs, and facilitating testing, including managing test issues.
The ideal candidate for this position will have experience eliciting software requirements from stakeholders, analyzing and documenting those requirements, and translating the requirements into a format understandable to the software developers.
Implement the Risk Management Framework (RMF) through the required government policy (e.g., NISPOM, JSIG, ICD), make recommendations on process tailoring, and participate in and document process activities.
The candidate will design, test, and implement secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions.
The individual will be involved in all phases of the software development life cycle; this includes defining and documenting requirements, design, implementation, testing, reporting and quality assurance, in accordance with programming standards and SOPs.