Architect - Expert ISO Policy Change Developer

Summary

Join our team as an Architect - Expert ISO Policy Change Development! This remote position requires a contract information security specialist with expertise in architecting and analyzing information security policies, processes, procedures, and programs. You will be dedicated to supporting the creation and updates of our client's security program, policies, standards, and procedures. The role demands extensive experience in data classification, risk assessment, and regulatory compliance. Success in this role requires a strong understanding of various frameworks such as ISO, NIST, and PCI-DSS. You will lead risk assessments, develop incident response plans, and provide research for audits. This is a 12+ month contract position located in Raleigh, NC.

Requirements

• 5 Years Hands-on experience implementing, administrating and operating technologies such as firewalls, IDS/IPS, SIEM, antivirus, network traffic analyzers
• 5 Years Extensive experience with data classification, handling, assessment, and enforcement
• 5 Years Experience implementing and supporting systems within enterprise-class data center environments
• 5 Years Advanced knowledge of regulatory compliance including, but not limited to: OWASP, ISO, NIST, FISMA, PCI-DSS, HIPAA and IRS-1075
• 5 Years Experience leading risk assessments using industry standard frameworks such as ISO or NIST for complex IT projects and technologies
• 5 Years Experience developing, leading and executing information security incident response plans
• 5 Years Experience developing and implementing information security policy, standards and procedures
• 5 Years Experience providing research and evidence in support of audits
• 3 Years CISSP information security certification
• 2 Years Experience implementing and operating enterprise class data networking solutions
• 2 Years Detailed expert knowledge of ISO 27001, and performing risk assessments utilizing ISO 27001
• Experience performing risk assessments, documenting and driving compliance with the North Carolina DIT Statewide Information Security Manual
• Experience completing NC Department of Information Technology Privacy Threshold Analysis (PTA) documentation

Responsibilities

• Develop information security policy, process, procedure, and program for client and the client business
• Support the creation and update of client's security program and related policies, standards, and procedures/processes

Preferred Qualifications

• Current or prior role as a PCI-DSS Qualified Security Assessor (QSA) or PCI-DSS Internal Security Assessor (ISA)
• Experience leading or directly supporting PCI-DSS annual assessment for a L1 or L2 merchant, familiarity with PCI-DSS 3.2 or higher
• Strong knowledge and experience architecting/designing implementations, configuring, and risk assessing AWS and/or Azure cloud computing environments
• Progressive advanced experience as an IT information security professional working within an enterprise environment
• 5 Years Detailed technical experience with network security, security protocols, access control, cryptography, application security, and data protection
• Specific experience implementing, administrating, or operating Tenable Nessus
• Specific experience implementing, administrating, operating or utilizing IBM Qradar SIEM
• 2 Years Experience consulting on information security solutions for a state or federal agency
• Experience implementing and operating enterprise class server and storage systems
• Detailed expert knowledge of NIST 800-53, and performing risk assessments utilizing NIST 800-53
• Detailed expert knowledge of the NIST Cyber Security Framework (CSF), and performing risk assessments utilizing the NIST CSF
• 2 Years Familiarity and experience with the Department of Homeland Security (DHS) Cyber Security Evaluation Tool (CSET)
• 2 Years Experience consulting on information security and IT solutions for a state motor vehicles agency or department of transportation
• Experience completing NC Department of Information Technology Vendor Readiness Assessment Report (VRAR) documentation
• Trained and experience implementing and operating with ITIL (formerly Information Technology Infrastructure Library) concepts
• ITIL (formerly Information Technology Infrastructure Library) certification
• Familiarity and practical experience with SABSA or TOGAF enterprise architecture frameworks and methodologies
• SABSA or TOGAF certification