Guidesoft Inc. dba Knowledge Services

Information Security Analyst

1 month ago (12/20/2017 2:28 PM)
Job ID
2017-10188
Job City
Carson City
Job State
Nevada

Overview

2-month contract role for Information Security Analyst with the State of NV in Carson City, NV!

 

Knowledge Services, established in 1994 and headquartered in Indianapolis, IN, is a certified woman-owned (WBE) professional services organization with over 1500 employees located in offices throughout North America. Founded by Julie Bielawski, CEO, Guidesoft, Inc. DBA Knowledge Services is an industry leader in Managed Service Programs (MSP), Employer of Record / Payrolling Services, National Recruitment, and Staffing Services. We provide outstanding services to major organizations in various industries, including IT, Healthcare, Entertainment, Media, Federal and State Governments, Public Utilities, Telecom, Manufacturing and more.

 

As such, Knowledge Services is committed to providing opportunities for growth – in our company, in each team member and in our relationships. We believe titles do not define a person, but provide a framework to each person’s endless potential. Our focus on improving our team, product and processes drives us every day. We are guided by our four Pillars that set the foundation of who we are and how we conduct business: Knowledge, Integrity, Innovation, and Service.

 

Knowledge Services offers benefits including the following:

 

  • Medical, dental, and vision coverage
  • Voluntary Life and AD&D coverage
  • Pet Insurance
  • Ticket and Event discounts!
  • The above are available provided contractors meet eligibility requirements

 

Responsibilities

Provide professional assessment and reporting relating to protection and handling of several categories of data and the required compliance (standards/policies/laws) at State and federal levels.

 

Consultant must prepare a written report of findings, including:

  • The type of data involved/released (PII, PHI, PCI);
  • The scope of the release, including a risk assessment model, potential magnitude of impact, chart or map of the data flow;
  • The methods utilized to investigate the data release (review of documentation, site visit, personal interviews, etc.);
  • Analysis of the software applications, networks and/or interconnects, physical location(s) of systems involved;
  • The potential exposure threat or consequences for damage to the agencies/individuals involved (vulnerability and risk assessment);
  • Potential threat or consequences to the State (vulnerability and risk assessment);
  • Potential legal impacts to the State;
  • Recommendations for mitigating the consequences; and
  • Recommendations for preventing similar incidents in the future.

 

Weekly status reports to include, but not be limited to:

  • Overall completion status of the project in terms of the approved project plan and schedule;
  • Problems that were encountered and proposed/actual resolutions;
  • Issues that need to be addressed;
  • Accomplishments during the period; and
  • Activities to be accomplished during the next reporting period.

Qualifications

 Possess sufficient information security knowledge and experience to conduct technically complex security assessments;

 Possess a minimum of one (1) year of experience in each of the following information security disciplines (experience may be acquired concurrently—for example, if the role involved experience in multiple disciplines at the same time):

 Application security; Information systems security; and Network security.

 

Possess a minimum of one (1) year of experience in each of the following audit / assessment disciplines (experience may be acquired concurrently, for example, if the role involved experience in multiple disciplines at the same time):

 IT security auditing; and Information security risk assessment or risk management.

 

Possess at least one (1) of the following accredited, industry-recognized professional certifications (possessing one (1) certification from each list is preferred; however, it is not currently required):

 List A – Information Security:

  •  (ISC)² Certified Information Systems Security Professional (CISSP).
  •  ISACA Certified Information Security Manager (CISM).
  •  Certified ISO 27001 Lead Implementer 1.

 

List B – Audit:

  •  ISACA Certified Information Systems Auditor (CISA).
  •  GIAC Systems and Network Auditor (GSNA).
  •  Certified ISO 27001, Lead Auditor, Internal Auditor 1.
  •  IRCA ISMS Auditor or higher (e.g., Auditor/Lead Auditor, Principal Auditor).
  •  IIA Certified Internal Auditor (CIA).

 

 Possess knowledge about the PCI DSS and all applicable documents on the PCI SSC website.

 Have PCI assessment knowledge/expertise and also strong knowledge in PII/PHI/NRS data categories.

 
