Jan 02, 2023
Owings Mills, MD, United States
ALTA IT Services is staffing a contract-to-hire opportunity for a Cyber Security Risk Analyst to join a leading health insurance customer.
Cyber Security Risk Analyst
Owings Mills, MD (100% Remote)
Contract to Hire
Pay Range: $55-60/hr
Under the supervision of the Manager, Cybersecurity Risk Management, the incumbent's accountabilities include, but are not limited to, the following:
• Execute security risk management leadership through the design and implementation of security policies, procedures, guidelines and standards to maintain the confidentiality, integrity and availability of information systems and data.
• Assess third party cybersecurity controls, identify gaps, assist in development of mitigation strategies and manage them to closure.
• Represent Information Security from an Information Security Risk Management perspective.
• Lead the Security Risk management function and further support collaboration across the various risk related teams in the organization.
• Lead risk analysis efforts to ensure consistency in the detailed risk assessment lifecycle inclusive of identification, socialization, mitigation, and closure.
• Design and implement security solutions to monitor the efficiency and effectiveness of security operations, controls and infrastructure for on-premise and cloud (Azure and AWS) implementations.
• Design, implement, and integrate security solutions to address enterprise risks and exposures.
• Develop and maintain Information Security Risk Metrics supported by KPIs and KRIs.
• Provide support and guidance to a team of technically diverse personnel of senior level security specialists and junior level security specialists.
• Implement necessary enhancements/updates/upgrades to existing security products.
• Assist in the configuration and installation of security products. Where possible, suggest and implement solutions to automate manual operational activities.
• Test and report on new technologies to address security concerns and work closely with the vulnerability management team on the identified risks.
• Serve as lead technical information security coordinator/project lead and as a contributor to cross functional teams for deployment and support of security specific infrastructure in order to provide information security to the enterprise.
• Co-lead client's compliance/risk management efforts in support of NIST, FedRAMP, HIPAA, and client to include but not limited to external assessment readiness/support, self-assessments, risk assessments, Plans-Of-Action-and-Milestone (POA&M) management, continuous monitoring.
Apply technology and processes to ensure the enterprise is protected and secured in the following areas:
• Identity and access management.
• Data protection (through the use of technologies such as whole disk encryption, end-to-end e-mail security, public and private key management, data leakage prevention, web application and source code security, database security, etc.).
• Network devices and infrastructure, desktop/mobile devices and remote access to the network.
• Information governance to ensure data is managed based on its sensitivity, information security policies, guidelines, and standards.
• Information governance through performing day-to-day maintenance and addressing issues and problems associated with security tools.
• Provide general support to the Information Security department in carrying out its assigned functions and responsibilities.
• Provide ad hoc off-hours support and problem resolution as directed by departmental requirements, service level agreements and internal support procedures.
• Provide assistance with audit issues and recommendations for remediation from an Information Security perspective.
• Interact with other IT Operations teams to develop tactical and strategic programs to address processes, controls, and infrastructure to manage information security related concerns and satisfy directives.
• Properly interpret business and technical requirements into security solutions and designs that are consistent with the current information security architecture.
• Implement and assist in enforcement of company security policies.
• Document results of system and application reviews including corrective action taken and security related documentation.
• Assist with reviews of current and new client's systems and applications, including changes to existing applications/systems, to assure compliance with Information Security policies and standards.
• Apply creative thinking in problem solving and identifying opportunities for improvements in security.
• Provide Information Security related recommendations regarding client's infrastructure components (communications network, physical security, data access, computer hardware/software and data confidentiality, integrity, and availability).
• Work with intra/interdepartmental technical and business personnel in a dynamic and varying environment.
• Collaborate with other Information Security specialists, designers, developers, and architects.
• Work with other technical teams in the organization such as IT Operations and IT Applications.
• Share ideas, discuss alternatives, and seek input. Suggest means to decrease vulnerability of systems, applications and processes.
• Maintain familiarity with state of the art concepts, procedures, software and techniques in Information Security in order to be able to effectively assess and develop the client's Information Security environment.
Required: College Degree in an Information Security or Technology related field or equivalent experience plus 7+ years related work experience. The incumbent will possess a high level of expertise in information security concepts, information security policies and system architecture concepts and have experience in process definition, workflow design, and process mapping. In-depth understanding of multiple areas of Information Security such as networking (TCP/IP, OSI model, network protocols), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, switches, routers, IPSEC, IDS/IPS, etc.), authentication technologies, wireless architectures, encryption key management, and mobile device technologies. Also, must have knowledge of vulnerability assessments, privacy assessments, incident response, security policy creation, enterprise security strategies, and governance. The incumbent must also have an ability to quickly and effectively learn Information Security tools in a large, complex multi-platform environment.
Abilities/Skills (candidate should possess most of these):
• Ability to identify and resolve complex issues and develop security solutions to meet client's business and technology goals.
• Strong written documentation skills and technical writing are required.
• Excellent presentation and verbal communication skills.
• Ability to effectively lead/complete tasks with a minimal level of supervision.
• Strong computer skills, including knowledge of Microsoft Windows, various e-mail systems (Microsoft Exchange).
• Possess broad understanding of the following systems/skill sets:
  • System hardening concepts and techniques
  • Network and remote access controls
  • Unix, Linux, Web application servers
  • Virtualization technologies
  • Encryption technologies and key management
• Familiarity with access control methodologies (MAC, DAC, RBAC).
• Professional certification such as CISSP, CRISC, CISA, or CISM (lead level only).
• Significant understanding of NIST Risk Management Framework and Information Security Risk Management methodologies including FAIR quantitative model.
• Experience with Information Security Governance, Risk, and Compliance (eGRC) Programs and Platforms.
• Proven ability to translate technical requirements to the business.
• Specific knowledge of client's business and client's corporate structure.
• An understanding of the relationships among various units within the corporation.
• Ability to understand, develop, and socialize security policies, standards, and procedures.
• Proficiency with security controls for cloud environments (Azure and AWS) including FedRAMP requirements.
• Proficiency with control implementation and monitoring in addition to information security metrics and reporting.
• Familiarity with security tools such as wireless and network scanning applications, vulnerability assessment applications and concepts, IDS/IPS, Data Loss Prevention, and other appropriate security related tools and capabilities.
• Experience working with Information Security tools in a large, complex, multi-platform environment.
• Familiarity with HIPAA Security Rule and compliance requirements.
• Experience developing and maintaining System Security Plans (SSPs).
• Understands complex cybersecurity issues as well as emerging technologies and develops creative solutions while ensuring compliance with cyber security laws and regulations.
• Experience in risk management, compliance, audit, or third party assessments.
Weight / Essential Functions
20% Leads the team in regular assessments of network and system security for intrusion detection, vulnerability, and security configurations.
20% Develops procedures for assessing indicators using the research of cybersecurity policies, indicators, and
15% Designs technical solutions for network protection, endpoint security, access control, auditing, and log management. Uses technical expertise to resolve and identify issues through the analysis of technical
15% Prevents network damage and restores computers and electronic communication systems.
10% Collaborates with the security community to obtain technical cyber threat intelligence. Researches emerging information security threats, vulnerabilities, and their countermeasures.
10% Leads the implementation of strategies for the detection and reporting of day-to-day security incidents.
10% Participates in the development of quality assurance policies.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education Level: Bachelor's Degree
Education Details: Computer Science, Cyber Security, Information Technology, or related field
Experience: 8 years relevant information security experience.
In Lieu of Education:
In lieu of a Bachelor's degree, an additional 4 years of relevant work experience is required in addition to the required work experience.