Job Seekers, please send resumes to resumes@hireitpeople.com
Short Description:
Monitor and advise on information security issues related to the systems & workflow at an agency to ensure the internal IT security controls for an agency are appropriate & operating as intended.
Complete Description:
Years of Experience: 4-7 years of experience in the field or in a related area.
Responsibilities:
- Facilitate Security Control Assessment (SCA) and Continuous Monitoring Activities (Plans of Action and Milestones (POA&M), Corrective Action Plans (CAP)) with State of Michigan Applications.
- To be considered for this position, the candidate must be available to work in Lansing, Michigan.
- Examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4.
- Ensure State of Michigan & Agency policies are adhered to and that required controls are implemented.
- Validate respective information system security plans to ensure NIST control requirements are met.
- Execute SCA (DTMB-170) documentation, including but not limited to POA&M & CAP.
- Familiarity with NIST requirements, particularly 800-53 revision 3 and revision 4.
- Author recommendations associated with your findings on how to improve the customer’s security posture in accordance with SOM PSP & NIST controls.
- Ability to lead small, less complex system assessments independently
- Ability to assist team members & Vendors with proper artifact collection, and to detail for clients examples of artifacts that will satisfy assessment requirements
Qualifications:
- Candidate must have solid knowledge of information security principles and practices, as well as an advanced understanding of security protocols and standards.
- Candidate must have (1-3) years of experience in the IT industry, and be familiar with the applicable NIST Special Publications 800-37 Revision 1, 800-53 Revision 3 or 4, and 800-53A Revision 1.
- Experience reviewing IT systems/applications plus basic knowledge of networking components and various operating systems, including UNIX and Microsoft.
- Candidate must have the ability to work independently and as part of a team
- Preferred that the candidate has a CISSP, CISA, PMP and/or Security+ certification, but it is not required
- Expertise in other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements is a plus
- Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
- Collaborate on multiple projects at a given time and experience with Vendors is a plus
- Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change
| Skill | Required / Desired | Amount of Experience |
| --- | --- | --- |
| Candidate must have solid knowledge of information security principles and practices, as well as an advanced understanding of security protocols | Required | 2 Years |
| Candidate must have (1-3) years of experience in the IT industry, and be familiar with the applicable NIST Special Publications 800-53 Revision 4 | Required | 2 Years |
| Experience reviewing IT systems/applications plus basic knowledge of networking components and various operating systems, including UNIX/Microsoft | Required | 2 Years |
| Candidate must have the ability to work independently and as part of a team | Required | 2 Years |
| Preferred that the candidate has a CISSP, CISA, PMP and/or Security+ certification, but it is not required | Desired | 1 Year |
| Expertise in other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements is a plus | Desired | 1 Year |
| Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience | Required | 2 Years |
| Collaborate on multiple projects at a given time and experience with Vendors is a plus | Desired | 2 Years |
| Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change | Desired | 2 Years |