Vertical Data Engineering Systems

Objective Security Technology

Information Security Analyst/Auditor

The Information Security Analyst/Auditor will support a portfolio of clients with multiple systems security levels. The candidate should demonstrate knowledge and experience in IT risk and controls through IT audits, IT control assessments, and IT security reviews.

Duties include:

  • Performing rigorous assessments of IT controls using industry-standard guidance and leading practices.
  • Performing walkthrough interviews and maintaining communication with a variety of client stakeholders, including system personnel such as system and database administrator
  • Requesting, obtaining, reviewing, and analyzing a variety of artifacts to assist in executing IT controls testing such as security plans, SOPs, system screenshots, and system configuration settings.
  • Evaluating IT controls' design and operating effectiveness using provided artifacts, industry-standard guidance, leading practices, and professional judgment.
  • Evaluate security requirements, policies, and tools.
  • Documenting the results of IT controls test work in a consistent and high-quality manner would allow a reviewer to repeat the test and reach the same conclusion.
  • Summarizing and communicating IT controls assessment results to various client stakeholders, including senior leadership personnel.
  • Planning and executing activities of IT controls assessments individually and for the team.
  • Working with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans.
  • Providing subject-matter-expertise on IT controls and responding to ad-hoc IT controls requests from clients.
  • Prepare documentation from information obtained from the client using accepted guidelines such as RMF (Risk Management Framework).
  • Develop strategies to comply with privacy, risk management, and e-authentication requirements.

Knowledge & Skills

  • BA/BS degree Information Technology / Security / Cybersecurity
  • 5+ years of relevant experience in a technology enterprise
  • Ability to report at an Executive or Board level on security issues and solutions.
  • Experience facilitating and leading technical solutions meetings with multiple stakeholders
  • Working knowledge of Security Standards, Compliance, and procedures
  •  Experience working in an infrastructure environment supporting Windows/Lynx servers, networking, and security tools.
  • IDS/IPS, Firewalls
  • Strong Project Management or relevant experience
  • Strong computing foundation (Hardware and Software security awareness)
  • Strong experience in documentation & processes
  • Strong analytical skills
  • Strong organizational knowledge
  • Strong customer focus and flexibility to resolve urgent issues
  • Ability to independently identify, execute and manage tasks associated with the position
  • Ability to work well within a team

Qualifications:

  • Experience with the following frameworks preferred:
  • NIST Cyber Security Framework (NIST CSF)
  • Cybersecurity Maturity Model Certification (CMMC)
  • ISO 27000/27001/27002
  • NIST SP 800-171
  • NIST SP 800-53
  • DFARS 252.204-7012, 7019, 7020 and 27021
  • CISSP, CISM or CISA certification a plus
Please send resume and availability. Interviews on a rolling basis!

Apply Here