Security Analysts
Ref No.: 18-06205
Location: Pleasanton, California
Position #1:
The tasks for the Security Consultant include, but are not limited to, the following:
1. Act as a Lead Consultant/Subject Matter Expert/domain champion
2. Work on development of Information Security plan (ISP) and performing gap analyses
3. Assist in updating/developing ISP, policies, training materials, website, procedures, controls, etc.
4. Assist with audit remediation validation for compliance to security policies/standards
5. Assist in the evaluation of security risk assessments and gap analysis
6. Knowledge transfer to and training of State Fund employees
7. Assist in updating/developing policies, training materials, website, procedures, controls, etc.
8. Assist in creating policy compliance procedures including compliance measurement reports/dashboard
9. Assist with audit remediation validation for compliance to security policies/standards
10. Assist with the implementation of the various security tools
11. Knowledge transfer to and training of State Fund employees
12. Attend meetings/Represent Enterprise Security as a Senior Lead for all security matters
13. Act as Lead/Co-Lead/Backup on assigned Enterprise Security projects
14. Knowledge transfer to and training of State Fund employees

Position #2:

The tasks for the Security Analyst include, but are not limited to, the following:
1. Assist with reviewing various security related reports and providing improvement in the security processes and procedures
2. Assist with audit remediation and pretesting based on security best practices and controls
3. Assist with other security and compliance related initiatives and reviews
4. Assist in updating/developing existing/new policies, training materials, website, procedures, controls, reports, dashboards, etc.
5. Assist in the evaluation of security risk assessments
6. Assist with the implementation of the GRC tool
7. Assist with Disaster Recovery Data Assessment
8. Attend meetings/Represent Information Security for all security matters
9. Act as Lead/Co-Lead/Backup on assigned Information Security projects
10. Knowledge transfer to and training of employees

TECHNICAL KNOWLEDGE AND SKILLS:
• Hardware: network switches, routers, load balancers, servers, storage systems
• Operating Systems: UNIX, Linux, Windows
• Network: LAN, WAN, Internet, Proxy/Filtering, Firewall, VPN, DMZ
• Network Protocols such as TCP/IP, SNMP, SMTP, NTP, DNS, LDAP, NFS, Samba, etc.
• Active Directory
• Vulnerability Assessments
• Secure Software Development Lifecycle
• Penetration Testing
• Security
• Mainframe DB2
• Oracle databases
• Best Practices Standards: ISO 27001/27002; PCI DSS v3; GLBA; HIPAA/HITECH; NIST 800-53; California State Administrative Manual.
• Excellent communication, technical writing, and customer service skills
• Critical thinking skills
• MUST POSSESS CURRENT CISA AND CISSP CERTIFICATIONS

PROFESSIONAL SKILLS:
The Consultant resource(s) shall possess most of the following skills:
• Strong analytical and critical thinking skills with the ability to analyze information and identify and formulate solutions to problems.
• Provide more in-depth analysis with a high-level view of goals and end deliverables.
• Remain proactive and complete work within a reasonable time frame under the supervision of a manager or team lead.
• Plan and manage all aspects of the support function.
• Extensive knowledge of and proven experience with Information Technology systems, and methods of developing, testing and moving solutions to implementation.
• Strong knowledge in project management practices and ability to document processes and procedures as needed.
• Work collaboratively with other support team members and independently on assigned tasks and deliverables with minimum supervision
• Communicate effectively with users at all levels, from analyst up to senior management, verbally and in writing.
• Self-motivated, working closely and actively communicating with team members to accomplish time critical tasks and deliverables
• Ask questions and share information gained with other support team members, recording and documenting this knowledge
• Elicit and gather user requirements and/or problem description information, and record this information accurately
• Listen carefully and act upon user requirements
• Convey and explain complex problems and solutions in an understandable language to both technical and non-technical persons
• Present technical solutions to management and decision makers
• Follow the lead of others on assigned projects as well as take the lead when deemed appropriate
• Think creatively and critically, analyzing complex problems, weighing multiple solutions, and carefully selecting solutions appropriate to the business needs, project scope, and available resources
• Take responsibility for the integrity of the solution
• 5-15+ YEARS' EXPERIENCE IN INFORMATION SECURITY, AUDIT, AND SECURITY/AUDIT COMPLIANCE.
• CISSP REQUIRED. OTHER HIGHLY DESIRABLE SECURITY CERTIFICATIONS MAY BE SUBSTITUTED FOR CISSP (E.G., CISM, CISA, ETC.)
• EXTENSIVE EXPERIENCE CONDUCTING ISO 27K GAP ASSESSMENT PREFERRED BUT NOT REQUIRED
• SHOULD HAVE EXTENSIVE EXPERIENCE IN LEADING IT SECURITY/COMPLIANCE/AUDIT PROJECTS.