CURRENT JOB SELECTION

Cyber Security Risk Assessor

  Texas, Dallas-Fort Worth-Arlington

  IT/Computing

#2788
   Job Order
Posted Date
Tuesday, June 12, 2018

 

Cyber Security Risk Assessor

Dallas, Texas

2-4 openings

Long-term 1 year+ consulting engagement

 

Exciting new job opening for a Cyber Security Risk Assessor to join our team and work on-site for our global client based out of Dallas, Texas.  This is an exciting consulting engagement for 1 year + and can be located in Dallas, Texas; Memphis, TN; or Mclean, VA.  This role will be responsible for security, risk, vulnerability assessments.  This individual will look at the design for IS and ask questions.  Will focus on how to encrypt the information.  This role is responsible for reviewing the end to end design, condensing the networking, reviewing work and asking questions.  The Risk Assessor will have a team that runs daily scans for him or her, but the right person will also know how to run their own scans.  Part of this role will be daily review of the scans and making suggestions accordingly.  Will have strong experience dealing with customers.

 

Required Skills:

o   Perform Cybersecurity assessments, certification and accreditation, and information assurance

o   Provide analysis of the security design and function of systems and develop a risk determination for these systems

o   Configure and validate secure complex systems and test security products and systems to detect security weakness

o   Participate in testing scenarios, including detailed review of systems architectures and connectivity, performance of system scans, and on-site evaluation of system configuration

o   Create security assessment plans and reports, describing test procedures and findings

o   Provide test and evaluation of projects

o   Develop and document test plans and procedures

o   Prepare studies, plans and analyses in support of the delivery order

o   Prepare recommendations for cybersecurity and assessments on various programs

o   Appropriately identify and/or create needed data sources to enable verification of software functionality

o   Prepare final reports and provide recommendation on product acceptance or need for further development efforts

o   Provides leadership and training in new procedures to technician testing staff


Required Skills

o   5 years of Information Security experience in Security Governance, Risk and Compliance practices and methodologies

o   2 years’ experience with a leading IT-GRC platform such as Archer, RSAM, Prevalent, etc.

o   2 years’ experience in a development, engineering, DBA, or other technical IT role.

o   Experience with performing cyber security assessments and familiarity with industry cyber security tools or experience auditing systems

o   Experience with at least one major system vulnerability scanning platform – Qualys, Nexpose, Nessus, Tanium, etc.

o   Demonstrates advanced knowledge of the principles, best practices architecture and design approaches to applicable capabilities, services and standard controls that fall under the scope of regulations and requirements such as: PCI, SOX, HIPAA, GDPR, GLBA, NIST, ISO, etc

o   Experience with dynamic and static application scanning tools and platforms.

o   Expert with Microsoft Excel, Word, Visio, and PowerPoint.  Experience with MS Project.

o   Experience of security operations techniques and policy development, particularly with regards to SDLC, Authentication, Encryption, Logging, Vulnerability Management, and similar methodologies and process

o   3 years’ experience analyzing reports from automated assessment tools and converting them into actionable reports for developers and executives based on risk as a function of exploitability, impact, and similar functions.

o   3 years’ experience performing assessments based on defined control frameworks (NIST, ISO, COBIT, etc.) and crafting reports based on the results.

o   Familiar with the application of common risk quantification techniques (FAIR, OWASP, etc)

o   At least one general Security certifications such as CISSP, CISA, CISM, SANS, GIAC, etc.

o   Role Specific Security certifications such as:  CEH - preferred

o   Previous experience in PCI-DSS compliance program including pre-assessment or assessment and gap remediation programs - PCI QSA Preferred

 

 

*To view all of our open positions, please visit: http://www.alleareconsulting.com/job-openings

 

Share