Position Description:
The Security Specialist will play a pivotal role in the Cyber Security Enhancements Program that will improve and extend the State of Michigan’s security capabilities. Primary responsibilities will include leading, advising and creating security solutions for various projects and work streams. The Security Specialist will work closely with the IT department’s security leaders to assist in outlining best practices, security plans and staffing for areas including Risk Management and Compliance to support initiatives in progress and operationally. The Security Architect will be the key resource (lead) for the implementation of a best-in-class Governance, Risk and Compliance function. The ideal candidate must be a quick starter, must be resourceful in accomplishing tasks, and must be able to operate in a large, complex IT environment. The candidate will need to have a broad background in the security domain, including the tools and technologies, best practice processes and governance, as well as implementation and integration.
• Lead the implementation of a Governance, Risk and Compliance function.
• Define the appropriate skill sets and staffing necessary to operate a GRC.
• Define the governance processes and procedures necessary to operate GRC.
• Outline the tools and technologies required to operate a GRC.
• Define and architect the integration of tools and technologies required to operate a GRC.
• Be accountable for the implementation and lead it on a temporary basis into mature operations.
• Other responsibilities as deemed necessary by the security leadership.
SKILLS REQUIRED:
• Excellent written and verbal communication skills.
• Ability to work effectively with employees and contractors/consultants.
• Able to work on multiple work streams and projects in parallel.
• GRC Implementation experience (must have).
• Expert knowledge in RSAM (must have).
• Technical depth in Firewalls, VPN, Proxies, DNS, Networking.
• Hands-on experience with server and application scanning and scanning tools.
• CISSP - Certified Information Systems Security Professional.
SKILLS PREFERRED:
• Other security certifications (e.g. CISA).
• Experience in operating system architecture and administration (Unix & Windows).
• Patch Management & Vulnerability Management operations.
• Data Loss Protection experience.
EXPERIENCE REQUIRED:
• Governance, Risk & Compliance (must have).
• RSAM (must have).
• Minimum 10 years’ experience in Security.
• Minimum 5 years’ experience in Network/Telecom.
• Minimum 5 years’ experience in managing teams.
• Experience in working within large IT organizations.
• Knowledge of security standards, specifically PCI, HIPAA.
• Security Communications and Awareness experience & capability.
• Experience in defining and creating security policies for large organizations.
EDUCATION REQUIRED: Bachelor’s degree, preferably in IT, Engineering, Mathematics or other relevant field.
EDUCATION PREFERRED: Master’s degree in IT or Business.