Architect - Expert ISO Policy Change Development (Remote)

Job Title: Architect - Expert ISO Policy Change Development (Hybrid)
Location: Raleigh NC
Duration: 12 Months

Job Description:

The client requires a contract information security specialist (expert) architect/analyst resource to provide information security policy process procedure and program development for client and the client business. This position will be an client Information Security Business Architect (ISBA working title) dedicated primarily to support the creation and update of clients security program and related policies standards and procedures/processes.

Skills:

Skill

Required/Desired

Amount

of Experience

Current or prior role as a PCI-DSS Qualified Security Assessor (QSA) or PCI-DSS Internal Security Assessor (ISA)

Desired

Experience leading or directly supporting PCI-DSS annual assessment for a L1 or L2 merchant familiarity with PCI-DSS 3.2 or higher.

Desired

Strong knowledge and experience architecting/designing implementations configuring and risk assessing AWS and/or Azure cloud computing environments.

Desired

Progressive advanced experience as an IT information security professional working within an enterprise environment.

Required

5

Years

Hands-on experience implementing administrating and operating technologies such as firewalls IDS/IPS SIEM antivirus network traffic analyzers

Nice to have

5

Years

Detailed technical experience with network security security protocols access control cryptography application security and data protection.

Required

5

Years

Extensive experience with data classification handling assessment and enforcement.

Required

5

Years

Experience implementing and supporting systems within enterprise-class data center environments.

Required

5

Years

Advanced knowledge of regulatory compliance including but not limited to: OWASP ISO NIST FISMA PCI-DSS HIPAA and IRS-1075.

Required

5

Years

Experience leading risk assessments using industry standard frameworks such as ISO or NIST for complex IT projects and technologies.

Required

5

Years

Experience developing leading and executing information security incident response plans.

Required

5

Years

Experience developing and implementing information security policy standards and procedures.

Required

5

Years

Experience providing research and evidence in support of audits.

Required

3

Years

CISSP information security certification.

Nice to have

Specific experience implementing administrating or operating Tenable Nessus.

Nice to have

Specific experience implementing administrating operating or utilizing IBM Qradar SIEM

Highly desired

2

Years

Experience consulting on information security solutions for a state or federal agency.

Required

2

Years

Experience implementing and operating enterprise class data networking solutions

Nice to have

Experience implementing and operating enterprise class server and storage systems

Nice to have

Years

Detailed expert knowledge of NIST 800-53 and performing risk assessments utilizing NIST 800-53.

Required

2

Years

Detailed expert knowledge of ISO 27001 and performing risk assessments utilizing ISO 27001

Nice to have

Detailed expert knowledge of the NIST Cyber Security Framework (CSF) and performing risk assessments utilizing the NIST CSF.

Required

2

Years

Familiarity and experience with the Department of Homeland Security (DHS) Cyber Security Evaluation Tool (CSET).

Nice to have

2

Years

Experience consulting on information security and IT solutions for a state motor vehicles agency or department of transportation.

Required

Experience performing risk assessments documenting and driving compliance with the North Carolina DIT Statewide Information Security Manual.

Required

Experience completing NC Department of Information Technology Privacy Threshold Analysis (PTA) documentation.

Nice to have

Experience completing NC Department of Information Technology Vendor Readiness Assessment Report (VRAR) documentation.

Highly desired

Trained and experience implementing and operating with ITIL (formerly Information Technology Infrastructure Library) concepts.

Nice to have

ITIL (formerly Information Technology Infrastructure Library) certification.

Nice to have

Familiarity and practical experience with SABSA or TOGAF enterprise architecture frameworks and methodologies.

Nice to have

SABSA or TOGAF certification.

Nice to have