Crescens
Title: Information Security Architect
Location: Remote
Duration: 12+ Months
Type: Contract
Note: The candidate will be allowed to work remotely until all staff may be required to return to site. At that point the candidate may be required to come onsite. The candidate will need to come onsite the first day to collect equipment. Do you accept this requirement?
Job Overview: The client requires a senior information security architect specializing in industry standard security, risk, and compliance frameworks to develop security program documentation and policy. Required Skills & Experience: Current or prior role as a PCI-DSS Qualified Security Assessor (QSA) or PCI-DSS Internal Security Assessor (ISA) - Desired Experience leading or directly supporting PCI-DSS annual assessment for a L1 or L2 merchant, familiarity with PCI-DSS 3.2 or higher - Desired Strong knowledge and experience architecting/designing implementations, configuring, and risk assessing AWS and/or Azure cloud computing environments - Desired Progressive advanced experience as an IT information security professional working within an enterprise environment - Required Hands-on experience implementing, administrating and operating technologies such as firewalls, IDS/IPS, SIEM, antivirus, network traffic analyzers Detailed technical experience with network security, security protocols, access control, cryptography, application security, and data protection - Required Extensive experience with data classification, handling, assessment, and enforcement - Required Experience implementing and supporting systems within enterprise-class data center environments - Required Advanced knowledge of regulatory compliance including, but not limited to: OWASP, ISO, NIST, FISMA, PCI-DSS, HIP nd IRS-1075 - Required Experience leading risk assessments using industry standard frameworks such as ISO or NIST for complex IT projects and technologies - Required Experience developing, leading and executing information security incident response plans - Required Experience developing and implementing information security policy, standards and procedures - Required Experience providing research and evidence in support of audits - Required CISSP information security certification Specific experience implementing, administrating, or operating Tenable Nessus Specific experience implementing, administrating, operating or utilizing IBM Qradar SIEM - Highly desired Experience consulting on information security solutions for a state or federal agency - Required Experience implementing and operating enterprise class data networking solutions Experience implementing and operating enterprise class server and storage systems Detailed expert knowledge of NIST 800-53, and performing risk assessments utilizing NIST 800-53 - Required Detailed expert knowledge of ISO 27001, and performing risk assessments utilizing ISO 27001 Detailed expert knowledge of the NIST Cyber Security Framework (CSF), and performing risk assessments utilizing the NIST CSF - Required Familiarity and experience with the Department of Homeland Security (Client) Cyber Security Evaluation Tool (CSET) Experience consulting on information security and IT solutions for a state motor vehicles agency or department of transportation - Required Experience performing risk assessments, documenting and driving compliance with the North Carolina DIT Statewide Information Security Manual - Required Experience completing NC Department of Information Technology Privacy Threshold Analysis (PTA) documentation Experience completing NC Department of Information Technology Vendor Readiness Compliance Reference Approval/History Assessment Report (VRAR) documentation - Highly desired Trained and experience implementing and operating with ITIL (formerly Information Technology Infrastructure Library) concepts ITIL (formerly Information Technology Infrastructure Library) certification Familiarity and practical experience with SABSA or TOGAF enterprise architecture frameworks and methodologies SABSA or TOGAF certification
Job Overview: The client requires a senior information security architect specializing in industry standard security, risk, and compliance frameworks to develop security program documentation and policy. Required Skills & Experience: Current or prior role as a PCI-DSS Qualified Security Assessor (QSA) or PCI-DSS Internal Security Assessor (ISA) - Desired Experience leading or directly supporting PCI-DSS annual assessment for a L1 or L2 merchant, familiarity with PCI-DSS 3.2 or higher - Desired Strong knowledge and experience architecting/designing implementations, configuring, and risk assessing AWS and/or Azure cloud computing environments - Desired Progressive advanced experience as an IT information security professional working within an enterprise environment - Required Hands-on experience implementing, administrating and operating technologies such as firewalls, IDS/IPS, SIEM, antivirus, network traffic analyzers Detailed technical experience with network security, security protocols, access control, cryptography, application security, and data protection - Required Extensive experience with data classification, handling, assessment, and enforcement - Required Experience implementing and supporting systems within enterprise-class data center environments - Required Advanced knowledge of regulatory compliance including, but not limited to: OWASP, ISO, NIST, FISMA, PCI-DSS, HIP nd IRS-1075 - Required Experience leading risk assessments using industry standard frameworks such as ISO or NIST for complex IT projects and technologies - Required Experience developing, leading and executing information security incident response plans - Required Experience developing and implementing information security policy, standards and procedures - Required Experience providing research and evidence in support of audits - Required CISSP information security certification Specific experience implementing, administrating, or operating Tenable Nessus Specific experience implementing, administrating, operating or utilizing IBM Qradar SIEM - Highly desired Experience consulting on information security solutions for a state or federal agency - Required Experience implementing and operating enterprise class data networking solutions Experience implementing and operating enterprise class server and storage systems Detailed expert knowledge of NIST 800-53, and performing risk assessments utilizing NIST 800-53 - Required Detailed expert knowledge of ISO 27001, and performing risk assessments utilizing ISO 27001 Detailed expert knowledge of the NIST Cyber Security Framework (CSF), and performing risk assessments utilizing the NIST CSF - Required Familiarity and experience with the Department of Homeland Security (Client) Cyber Security Evaluation Tool (CSET) Experience consulting on information security and IT solutions for a state motor vehicles agency or department of transportation - Required Experience performing risk assessments, documenting and driving compliance with the North Carolina DIT Statewide Information Security Manual - Required Experience completing NC Department of Information Technology Privacy Threshold Analysis (PTA) documentation Experience completing NC Department of Information Technology Vendor Readiness Compliance Reference Approval/History Assessment Report (VRAR) documentation - Highly desired Trained and experience implementing and operating with ITIL (formerly Information Technology Infrastructure Library) concepts ITIL (formerly Information Technology Infrastructure Library) certification Familiarity and practical experience with SABSA or TOGAF enterprise architecture frameworks and methodologies SABSA or TOGAF certification