Business/Information Security Analyst
Primary Skill
Experience defining, revising, and implementing information security
policies, standards, and procedures for risk mitigation, NIST, GAPP, and/or CJIS
security requirements for IT
Interview
Face to Face
Bill Rate
Competitive
Location
Lansing, Michigan
Duration
1+ Year
# of Positions
1
Description
Develops risk policies and procedures per policy framework. Ensures all
technical, management, and operational controls are in place to maintain an
acceptable risk level for assigned systems. Serves as liaison between IT and
client. Relies on experience and judgment to plan and accomplish goals.
Independently performs a variety of complicated tasks. A wide degree of
creativity and latitude is expected.
Develops and implements risk policies, standards, and procedures (PSP) per
applicable privacy and security framework to address audit gaps. Provides risk
and compliance related support to the Security Accreditation Process Team and
client Information Security Officer (ISO) in best aligning policies/procedures
with relevant Plan of Actions and Milestones (POA&M). Reviews, analyzes and
identifies opportunities and leads changes to PSP to reduce policy burden on
enterprise and increase the proper alignment across the agency. Properly
manages potential policy changes and impacts, risk-based recommendations, and
relevant resolution/mitigation plans. Facilitates cross-functional team
meetings to best reach agreement on the most effective and sustainable PSP in
various risk and compliance areas. Communicates and socializes security policy
and risk management throughout the organization and gathers feedback where
appropriate. Manages the processes to streamline PSP.
Reviews, analyzes, and evaluates business systems and user needs. Formulates
systems to parallel overall business strategies. Experienced with business
process reengineering and identifying new applications of technology to
business problems to make business more effective. Familiar with industry
standards (including Legacy, Core, and Emerging technologies), business process
mapping, and reengineering. Prepares solution options, risk identification, and
financial analyses such as cost/benefit, ROI, buy/build, etc.
Knowledge of commonly-used concepts, practices, and procedures within a
particular field. Familiar with relational database concepts, and client-server
concepts. Relies on limited experience and judgment to plan and accomplish
goals. Performs a variety of tasks. Works under general supervision. A certain
degree of creativity and latitude is required.
Skill Matrix
Please fill in the AVAILABLE column of the skill matrix table with your number
of years of experience.
SKILL | YEARS USED | AVAILABLE
Experience defining, revising, and implementing information security policies, standards, and procedures for risk mitigation. | 4 Years Required |
Experience in Information Security, Information Technology, Compliance or Risk Management. | 4 Years Required |
Knowledge of NIST, GAPP, and/or CJIS security requirements for IT. | 2 Years Required |
Practical experience with the basic tenets of security risk management (threat mgmt., vulnerability mgmt., and risk treatment). | 2 Years Required |
Demonstrated ability to translate information security risks or other IT concepts into language easily understood by a non-technical audience. | 10 Years Required |
Experience with drafting requirement traceability matrices and test plans for requirement validation. | 5 Years Desired |
Skilled with IT process/methodology (e.g. ITIL, COBIT, LEAN, Six Sigma, CMM) and experience implementing processes and methodologies. | 4 Years Required |
Experience with Joint Application Development (JAD) session facilitation. | 10 Years Required |
Excellent written communication and customer-facing verbal communication skills. | 12 Years Required |
Demonstrated ability to coordinate/manage initiatives from end-to-end with minor supervision. | 10 Years Required |
Experience with issue tracking tools (e.g. TFS, JIRA, Bugzilla). | 4 Years Required |
Reference: Direct Client Rek for Business/Information Security Analyst jobs
Source: http://jobrealtime.com/jobs/technology/direct-client-rek-for-businessinformation-security-analyst_i3124