Location: all cities,CA, USA
Coordinate with stakeholders to initiate, scope and plan controls assessments of new and existing vendor engagements.
Perform assessments on-site at vendor locations or remotely via conference calls.
Assess completed questionnaires and supporting documentation to validate vendor appropriate implementation of information security controls; analyze the information to identify information security weaknesses or non-compliance with industry standards.
Produce detailed documentation of assessments and perform threat analysis of gaps identified.
Communicate vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.
Validate evidence from vendors before Remediation Plans are closed.
Escalate issues associated with vendors as needed to management.
QualificationsDemonstrate in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains; these information security areas include risk management, access control, cryptography, physical security, security architecture and design, network security, application & operations security and compliance/incident management.
Strong technical and/or IT audit background and practical knowledge of a wide variety of technologies which include server infrastructure & operating systems, network & web infrastructures, database architecture and intrusion detection/prevention systems.
Proficient working knowledge within the following risk domains/technologies: Database and application security, IDS/IPS technologies, System/Access Administration, Firewall technologies, Network Architecture, Security Event Logging & Monitoring, Key Management/Tokenization, Database/Application/Network Layer Secure Protocols, Physical and Environmental Security, Secure Software/Code Development, Change Management, Vulnerability Management.
Self-starter with the ability to manage and prioritize responsibilities through the effective use of time management techniques.
Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines.
Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person.
Strong risk analysis and problem-solving skills.
Must be flexible to ensure assessments are performed by the mandated date and be able to manage multiple assessments simultaneously.
Additional Experience/RequirementsExperience that is considered a strong plus: performing information security assessments; providing information security guidance to business stakeholders; interpreting and applying information security policy and standards.
IT Risk Management/Audit industry certification (such as CISSP, CISA, CRISC, etc.) preferred.
Additional InformationAll your information will be kept confidential according to EEO guidelines.
Direct Staffing Inc.
#J-18808-Ljbffr