Information Technology - Analyst, Cyber Security - Talteam
Baltimore, MD
About the Job
ROLE: To ensure the organization's data remains protected from inappropriate access, disclosure and/or damage. To advocate for and execute the processes and practices of the Cybersecurity team while supporting business and customer needs.
PRINCIPAL RESPONSIBILITIES:
Under the supervision of the Manager, Cybersecurity Risk and Compliance, the incumbent's accountabilities include, but are not limited to the following:
" Support the Cybersecurity Risk Management program providing support and guidance to a team of technically diverse cybersecurity specialists personnel while further supporting collaboration across the various risk related teams in the organization.
" Support continuous monitoring efforts by partnering with TPRM, Procurement, Legal, and key business stakeholders.
" Support the assessment of cybersecurity controls, identify gaps, assist in development of mitigation strategies, and manage them to closure.
" Collaborate with internal and external teams to assess, monitor, and manage risks.
" Work with business teams to conduct thorough assessments to identify potential risks to the organization. This includes evaluating their security practices, data handling procedures, and regulatory compliance (e.g., HIPAA, PCI, GDPR, etc.)
" Represent Cybersecurity from a Cybersecurity Risk Management perspective and execute security risk management leadership through the design and implementation of cybersecurity controls to maintain the confidentiality, integrity and availability of information systems and data.
" Prepare detailed risk assessment reports, clearly articulating findings and recommendations and maintain a comprehensive repository of all risk assessments and associated documentation.
" Conduct risk analyses to ensure consistency in the detailed risk assessment lifecycle inclusive of identification, socialization, mitigation, and closure.
" Design, implement, and integrate security solutions to address enterprise risks and exposures.
" Develop and maintain Information Security Risk Metrics supported by KPIs and KRIs to support the analytics team.
" Test and report on new technologies to address security concerns and work closely with the vulnerability management team on the identified risks.
" Support client's compliance/risk management efforts in support of NIST, FedRAMP, and HIPAA to include but not limited to: external assessment readiness/support, self-assessments, risk assessments, Plans-Of-Action-and-Milestone (POA&M) management, continuous monitoring.
QUALIFICATION REQUIREMENTS:
Required: College Degree in an Information Security or Technology related field or equivalent experience plus 3 + years related work experience. The incumbent will possess a high level of expertise in information security concepts, information security policies and system architecture concepts and have experience in process definition, workflow design, and process mapping. In depth understanding in multiple areas of Information Security such as networking (TCP/IP, OSI model, network protocols), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, switches, routers, IPSEC, IDS/IPS, etc.), authentication technologies, wireless architectures, encryption key management, and mobile device technologies. Also, must have knowledge of vulnerability assessments, privacy assessments, incident response, security policy creation, enterprise security strategies, and governance. The incumbent must also have an ability to quickly and effectively learn Information Security tools in a large, complex multi-platform environment.
Abilities/Skills (candidate should possess most of these):
" Ability to identify and resolve complex issues and develop security solutions to meet client's business and technology goals.
" Strong written documentation skills and technical writing are required.
" Excellent presentation and verbal communication skills.
" Ability to effectively lead/complete tasks with a minimal level of supervision.
" Strong computer skills, including knowledge of Microsoft Windows, various e-mail systems (Microsoft Exchange)
" Possess broad understanding of the following systems/skill sets:
" System hardening concepts and techniques
" Network and remote access controls
" Unix, Linux, Web application servers
" Virtualization technologies
" Encryption technologies and key management
" Familiarity with access control methodologies (MAC, DAC. RBAC)
Additional Skills:
" Significant understanding of NIST Risk Management Framework and Information Security Risk Management methodologies including FAIR quantitative model
" Experience with Cybersecurity Governance, Risk, and Compliance (eGRC) Programs and Platforms.
" Proven ability to translate technical requirements to the business.
" Specific knowledge of client business and Client corporate structure.
" An understanding of the relationships among various units within the corporation.
" Ability to understand, develop, and socialize security policies, standards, and procedures.
" Proficiency with security controls for cloud environments (Azure and AWS) including FedRAMP requirements.
" Familiarity with security tools such as wireless and network scanning applications, vulnerability assessment applications and concepts, IDS/IPS, Data Loss Prevention, and other appropriate security related tools and capabilities.
" Experience working with Information Security tools in a large, complex, multi-platform environment.
" Familiarity with HIPAA Security Rule and compliance requirements.
" Understands complex cybersecurity issues as well as emerging technologies and develop creative solutions while ensuring compliance with cyber security laws and regulations
" Experience in risk management, compliance, audit, or third-party assessments
**Talteam Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.**
PRINCIPAL RESPONSIBILITIES:
Under the supervision of the Manager, Cybersecurity Risk and Compliance, the incumbent's accountabilities include, but are not limited to the following:
" Support the Cybersecurity Risk Management program providing support and guidance to a team of technically diverse cybersecurity specialists personnel while further supporting collaboration across the various risk related teams in the organization.
" Support continuous monitoring efforts by partnering with TPRM, Procurement, Legal, and key business stakeholders.
" Support the assessment of cybersecurity controls, identify gaps, assist in development of mitigation strategies, and manage them to closure.
" Collaborate with internal and external teams to assess, monitor, and manage risks.
" Work with business teams to conduct thorough assessments to identify potential risks to the organization. This includes evaluating their security practices, data handling procedures, and regulatory compliance (e.g., HIPAA, PCI, GDPR, etc.)
" Represent Cybersecurity from a Cybersecurity Risk Management perspective and execute security risk management leadership through the design and implementation of cybersecurity controls to maintain the confidentiality, integrity and availability of information systems and data.
" Prepare detailed risk assessment reports, clearly articulating findings and recommendations and maintain a comprehensive repository of all risk assessments and associated documentation.
" Conduct risk analyses to ensure consistency in the detailed risk assessment lifecycle inclusive of identification, socialization, mitigation, and closure.
" Design, implement, and integrate security solutions to address enterprise risks and exposures.
" Develop and maintain Information Security Risk Metrics supported by KPIs and KRIs to support the analytics team.
" Test and report on new technologies to address security concerns and work closely with the vulnerability management team on the identified risks.
" Support client's compliance/risk management efforts in support of NIST, FedRAMP, and HIPAA to include but not limited to: external assessment readiness/support, self-assessments, risk assessments, Plans-Of-Action-and-Milestone (POA&M) management, continuous monitoring.
QUALIFICATION REQUIREMENTS:
Required: College Degree in an Information Security or Technology related field or equivalent experience plus 3 + years related work experience. The incumbent will possess a high level of expertise in information security concepts, information security policies and system architecture concepts and have experience in process definition, workflow design, and process mapping. In depth understanding in multiple areas of Information Security such as networking (TCP/IP, OSI model, network protocols), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, switches, routers, IPSEC, IDS/IPS, etc.), authentication technologies, wireless architectures, encryption key management, and mobile device technologies. Also, must have knowledge of vulnerability assessments, privacy assessments, incident response, security policy creation, enterprise security strategies, and governance. The incumbent must also have an ability to quickly and effectively learn Information Security tools in a large, complex multi-platform environment.
Abilities/Skills (candidate should possess most of these):
" Ability to identify and resolve complex issues and develop security solutions to meet client's business and technology goals.
" Strong written documentation skills and technical writing are required.
" Excellent presentation and verbal communication skills.
" Ability to effectively lead/complete tasks with a minimal level of supervision.
" Strong computer skills, including knowledge of Microsoft Windows, various e-mail systems (Microsoft Exchange)
" Possess broad understanding of the following systems/skill sets:
" System hardening concepts and techniques
" Network and remote access controls
" Unix, Linux, Web application servers
" Virtualization technologies
" Encryption technologies and key management
" Familiarity with access control methodologies (MAC, DAC. RBAC)
Additional Skills:
" Significant understanding of NIST Risk Management Framework and Information Security Risk Management methodologies including FAIR quantitative model
" Experience with Cybersecurity Governance, Risk, and Compliance (eGRC) Programs and Platforms.
" Proven ability to translate technical requirements to the business.
" Specific knowledge of client business and Client corporate structure.
" An understanding of the relationships among various units within the corporation.
" Ability to understand, develop, and socialize security policies, standards, and procedures.
" Proficiency with security controls for cloud environments (Azure and AWS) including FedRAMP requirements.
" Familiarity with security tools such as wireless and network scanning applications, vulnerability assessment applications and concepts, IDS/IPS, Data Loss Prevention, and other appropriate security related tools and capabilities.
" Experience working with Information Security tools in a large, complex, multi-platform environment.
" Familiarity with HIPAA Security Rule and compliance requirements.
" Understands complex cybersecurity issues as well as emerging technologies and develop creative solutions while ensuring compliance with cyber security laws and regulations
" Experience in risk management, compliance, audit, or third-party assessments
**Talteam Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.**
Source : Talteam
