Previous Job
Previous
Security Analyst
Ref No.: 14-01135
Location: Columbia, South Carolina
Department of Revenue
Columbia, SC
12 Months


Please make sure that candidates have the required security certification(s), ensure that they have at least 6 years of current experience in the required skills, and ensure the candidate is willing to work in Columbia, SC.

Develops and manages information security for the agency. This includes IT functional areas (e.g., data, systems, network and/or Web) across the enterprise. Assists in the development and implementation of information security policies and procedures based upon NIST SP 800-53. Develop and maintain Disaster Recovery and Business Continuity plans. Reviews third party systems and contracts for compliance with information security policy and standards. Reviews in house developed applications for compliance with information security policy and standards. Prepares status reports on security matters to develop security risk analysis scenarios and response procedures. Enforces information security policies and procedures by administering and monitoring security profiles, reviews security violation reports and investigates possible security exceptions, updates, and maintains and documents security controls.
Involved in the evaluation of products and/or procedures to ensure appropriate security. Represents the security needs of the organization by providing expertise and assistance in all IT projects with regard to security issues. Provides direct support to the business and IT staff for information security related issues. Assist in the development of information security rules of behavior for users. Educates IT and the business about information security policies and consults on security issues regarding user built/managed systems.
REQUIRED SKILLS (RANK IN ORDER OF IMPORTANCE):
Comprehensive knowledge of NIST special publications that will be utilized in the development and implementation of information security policies and procedures
Demonstrated experience in security compliance for third party and/or in house developed applications
Experience in Disaster Recovery and Business Continuity planning
Highly-developed and proven oral and written communication skills
Hands on experience in documenting and developing System Security plans
Knowledge of software development lifecycles and migrations from different systems or environments
Experience preparing and submitting an Information Security Program evaluation and compliance report
Experience in managing all aspects of information security within an enterprise organization, including but not limited to:
o
o Conducting continual surveys of all offices, departments and functions to determine the need for additional security services, and making appropriate recommendations.
o Experience supervising and directing personnel from other departments when conducting investigations.
o Proven experience developing, implementing and administering all aspects of a successful Information Security Program, including physical, technical, personnel, procedural and electronic security.
o Providing continual consultation and written reports to executive management concerning security issues
o Developing and maintaining organization security practices and processes on investigating and documenting suspicious incidents and policy violations.
o Creating documentation library and reporting processes for all investigations and Security Program operations
o Working with other department leaders, designing security components for operations and other strategic processes, and supervising the development and implementation of required security reporting devices and processes at all levels.

PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE):
Experience with configuring Web filters
Experience in securing Active directory
Working knowledge of securing Internet protocols, tools and techniques including but not limited to:
o Virtual Private Networking (VPN), TCP/IP, Local Area Networks (LAN), Wide Area Networks (WAN), DNS, DHCP
o Network device operating systems security configuration,
o Internet security
Knowledge of securing Virtual Machines, including VMware ESX and Virtual Desktop
Experience in securing web-based applications (e.g., Internet Information Services, SharePoint) for internal (intranet) sites and external (Internet) sites
Experience in reviewing firewalls to ensure appropriate security
Experience in configuring IDS/IPS to detect/prevent malicious activity
Experience defining processes to maintain security equipment, test intrusions, and the ensure alerting of threats.

REQUIRED CERTIFICATIONS:

CISSP, CISM, OR CISA
Category
Name
Required
Importance
Level
Last Used
Experience
Administrative Verbal Communication Skills Yes 1 Advanced Currently Using 6 + Years
Administrative Written Communication Skills Yes 1 Advanced Currently Using 6 + Years
Education CISM Yes 1 Advanced Currently Using 6 + Years
Education CISSP Yes 1 Advanced Currently Using 6 + Years
Networking & Directories Information Security Yes 1 Advanced Currently Using 6 + Years
Networking & Directories Security Program evaluation Yes 1 Advanced Currently Using 6 + Years
Program Management Software Development Lifecycle - SDLC Yes 1 Advanced Currently Using 6 + Years
Quality Assurance (QA) Disaster Recovery Yes 1 Advanced Currently Using 6 + Years
Specialties NIST Security Yes 1 Advanced Currently Using 6 + Years
Additional Skills: Please make sure that candidates have the required security certification(s), ensure that they have at least 6 years of current experience in the required skills, and ensure the candidate is willing to work in Columbia, SC.