GRC Consultant
Downey, CA - Remote
12+ months
A Security Engineer serves as the security engineer of complex technology implementations in a product-centric environment; is comfortable with bridging the gap between legacy development or operations teams and working toward a shared culture and vision; works to ensure developers create the most secure systems while enhancing the privacy of all system users; and has experience with white-hat hacking and fundamental computer science concepts.
The Security Engineer will perform security audits, risk analysis, application-level vulnerability testing, and security code reviews; develop and implement technical solutions to help mitigate security vulnerabilities; and conduct research to identify new attack vectors.
Skills Required:
Security Engineers will possess knowledge and experience in safeguarding sensitive data from cyber-attacks.
Must have a minimum of ten (10) years of experience with developing and implementing technical solutions to help mitigate security vulnerabilities.
Requires the possession of a bachelor's degree in an IT-related or Engineering field. Additional qualifying experience may be substituted for the required education on a year-for-year basis.
Skills Preferred:
• Comfortable working under the direction of a Departmental Chief Information Officer or user agency personnel
• Exhibit skill managing all aspects of risk and compliance of Information Security disciplines while interacting with mid-level officials of similar capacity at the user agency and private sector.
• Effectively engaging with IT teams, stakeholders, and leadership across the to develop, define and build risk assessment methodology with identified business priorities
• Perform ongoing education and training in Information Security related areas
• Possess knowledge and experience in customer service decision-making, flexibility, and interpersonal skills.
• Experience managing a Governance, Risk, and Compliance program to achieve full compliance with defined IT Controls and Security programs, and implementation of IT procedures focused on efficiency, effectiveness, and risk avoidance.
• Experience in internal audit and the corporate security teams to assess, remediate and prevent information technology risks.
• Experience with management and reporting of risk and security metrics.
• Development of IT Strategies and roadmaps to achieve greater security compliance.
• Provides oversight and project management of various internal and external audits, PCI, HIPAA, and CJIS compliance and risk/control assessment engagements and regular penetration testing
• Experience with business process reengineering; cost-benefit analysis; financial management; planning and evaluating
• Experience with project management; quality assurance, requirements analysis, and risk management.
• Experience in information resources strategy and planning
• Knowledge of information technology architecture, information technology performance assessment, and infrastructure design
• Experience with systems integration; systems life cycle; and technology awareness.
• Background in IT Security Governance, Risk, and Compliance supporting an Enterprise Multi-Tenant environment
• Experience with security expertise in NIST 800-53 and ISO 27001/2 controls, PCI, HIPAA, and CJIS compliance and helps CSB to create best practice frameworks, policy creation, and business impact analysis
• Experience in designing and implementing a program's efficient IT policies and procedures.
• Experience responding, containing, remediating, and reporting on the infrastructure connecting to Public Cloud Providers, such as AWS, Azure, and/or GCP.
The candidate is preferred to have one or more of the following professional certifications:
• Qualified Security Assessor (QSA)
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Privacy Professional (CIPP)