WASHINGTON, DC, USA
3 days ago
IT Security Policy Advisor
Job Seekers, Please send resumes to resumes@hireitpeople.com

Short Description:

IT Security Policy Advisor is needed to facilitate immediate and comprehensive review of OCTO IT security policies and procedures to identify gaps, update existing policies and to recommend implementation of new security policies and procedures to CTO

Complete Description:

Provides review, guidance and development of OCTO IT security risk assessment policies and procedures and monitors adherence in order to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks and data. Guides and assists systems staff to ensure the proper and timely implementation of information systems security standards. Conducts IT security risk and vulnerability assessments for planned and installed systems as requested. Provides guidance to staff pertaining to the preparation, authentication, safeguarding and transmission of sensitive and confidential materials. Versatile with identifying and implementing new security practices and solutions to ensure governance controls and compliance with State, Local and Federal regulations. Ability to draft security advisories and vulnerability compliance documentation for user distribution.

The responsibilities include, but are not limited to:

• Serve as an advisor to the Chief Technology Security Officer (CTO) on a variety of cyber security matters and assist with the implementation of enterprise information assurance, privacy policies, and procedures that ensure appropriate treatment of risk, compliance and assurance from internal and external perspectives

• Update, edit, and draft cyber security policies, methods, and standards for the Office of the Chief Technology Officer

• Attend various status meetings to discuss and resolve issues surrounding the security posture of the information systems and networks under OCTO

• Experience in cyber security, performing tasks such as security authorization (formerly certification and accreditation), Plan of Action and Milestones (POA&M) management, vulnerability management, as well as compliance and reporting

• Identify and report gaps in the existing cyber security procedures and processes and provide recommendations for improvements

• Assist in developing Security and Cyber Awareness programs for the user community

• Understanding of various cyber security laws, regulations and standards, including the Federal Information Security Management Act (FISMA), National Institute of Standards and Technology (NIST) guidance and standards, HIPAA, Sarbanes-Oxley, FTI, IRS Publication 1075

• Comfortable communicating with stakeholders at various levels in the chain of command

• Ability to prioritize assignments on a daily basis

• Some technical writing and editing work may be required

Behavior Characteristics:

Highly articulate; excellent writing skills.

Skill | Required / Desired | Amount of Experience | Expertise Rating

Experience in setting IT security standards | Required | 8 Years | 3 - Expert

Experience in establishing IT security policies for financial or health institutions | Required | 10 Years | 3 - Expert

Experience in providing security policy guidance/publication in large enterprises | Required | 10 Years | 3 - Expert

Responsible for crafting policy, planning and management concepts | Required | 6 Years | 3 - Expert

Expert knowledge and implementation of FISMA and NIST security standards | Required | 6 Years | 3 - Expert

Broad experience and responsibility for ERM | Highly desired | 6 Years | 2 - Proficient

CISM Certification | Highly desired | - | -

CISSP Certification | Highly desired | - | -

Experience in translating goals for security into effective IT security policies | Required | 6 Years | 3 - Expert

Experience with PCI DSS | Required | 3 Years | 2 - Proficient

Bachelor's degree | Required | - | -

Practical knowledge and experience in information security best practices and industry standards | Required | 8 Years | -

