Security Controls Assessor/IT Auditor Accounting - Columbia, MD at Geebo

Security Controls Assessor/IT Auditor

Remote
Must be GC or US Citizen per client
Responsibilities:
  • Lead and conduct multi-level (application, database, operating system, middleware, monitoring tools, and business processes) security control assessments of HRSA systems based on predefined test objectives and test plans.
  • Coordinate and track interviews with system owners, ISSOs, and administrators on operational, management, and technical processes.
  • Draft Security Control Assessment Plans (SCAP) to include the scope and methodology for testing.
  • Develop test procedures and/or document recommendations for test plan modifications that improve validation of control objectives.
  • Assist the assessment team in obtaining, reviewing, and interpreting evidence provided to validate that security controls are implemented properly and performing effectively.
  • Review the security controls in the information system and its environment of operation to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security requirements.
  • Work with the HRSA Risk Management (RM) team to determine risks to the system based on vulnerability results and compensating or mitigating controls in place.
  • Produce the Security Assessment Report (SAR) that documents the results of the assessment.
  • Review asset, application, and code scan results from various tools for assessed systems.
  • Review compliance scans against defined HRSA baselines for assessed systems.
  • Provide recommendations to system owners and Information System Security Officers (ISSOs) for remediating identified vulnerabilities.
  • Write supporting documentation for security control assessment and other risk management processes and procedures.
  • Provide process improvement recommendations for day-to-day operations.
  • Provide technical guidance to the HRSA RM team and other stakeholders as needed.
  • Experience in Information Security and with the use of security devices.
Skills & Experience:
  • CISA Certification, required.
  • CISSP, CISM, MCSE, or CAP preferred.
  • 5 years of experience in a similar role.
  • Excellent knowledge of FISMA regulation, FIPS standards, NIST 800 series, NIST Special Publications, Risk Management Framework, and other applicable guidance.
  • Excellent knowledge of IT security and infrastructure.
  • Experience with vulnerability assessment and reporting including comprehensive understanding of Vulnerability Management methodologies and procedures.
  • Expertise in firewalls, VPN, Data Loss Prevention, IDS/IPS, Web-Proxy, and security audits.
  • Great analytical skills to review various aspects of an organization's information system.
  • Strong attention to detail with an analytical mind and outstanding problem-solving skills.
  • Great awareness of cybersecurity trends and hacking techniques.
  • Self-educating capacity to stay abreast of all IT-related discoveries and conventions and ability to learn new skills quickly.
  • Familiar with a range of software (MS Office Suite, Synopsis Suite, Tenable Nessus, RSA Archer).
  • Excellent written and verbal communication skills.
  • Strong interpersonal skills.
  • Prior training experience is a plus.
  • Experience troubleshooting systems.
  • Ability to work under pressure in a fast-paced environment.
Recommended Skills: Analytical, Assessments, Attention To Detail, Business Process Improvement, Business Processes, Certified Information Security Manager

Estimated Salary: $20 to $28 per hour based on qualifications.
