Job Title: Information System Security Officer
Requisition ID: 16004K5
Job Category: Security Services
Job Type: Regular
Primary Location: USA-NY: NEW YORK-RENSSELAER
Remote Work Authorized: No
Relocation Assistance: Not Available
Clearance Level: None
Employee Status: Regular
Posting Date Sep 14, 2016
Essential Job Functions
- Reporting directly to the Account Executive, this position will require managing and directing the security team with primary functions involved with vulnerability management, risk assessment, audit evidence collection, privacy and security awareness, security incidents, business continuity and disaster recovery, audits, assessments, physical security, securing various layers of technology from application to network level, and log analysis.
- Achieves security based on a well-accepted control framework such as NIST and HIPAA
- Acquired experience across various security domains including security incident handling, business continuity & disaster recovery, working with auditors, security and privacy assessments, access control, penetration and vulnerability testing, guides remediation efforts for identified vulnerabilities, physical security, network security, application security, database security, server security, and other security and privacy domains
- Works with various departments seamlessly including operations, contracts, quality assurance, audit, the client management team, technology administrators, and executive management.
- Teams with other security analyst members and security personnel on the account and in corporate.
- Develops System Security Plans (SSP) and implements security policy, standards, guidelines, and procedures as part of ongoing maintenance of security
- Investigates security breaches as required
- Assists with log reviews and other detective controls
- Experience with managing vulnerability analysis tools
- Initiates remediation in customer service tickets via SNOW and Silk based on scan results and required remediation
- Conducts risk assessments and risk analysis to help the organization develop security standards and procedures that support strategic, tactical and operational objectives on a cost-effective basis
- Assists with the Information Security Incident Reporting program for containment and correction of security incidents
- Participates in resolving problems with security violations
- Responsible for the content and ensuring completion of information security training
- Assists with the communication of information security and privacy awareness
- Validates that IS system meets predetermined security requirements based on established and approved standards
- Works with vendors and user departments to enhance information security
- Subject Matter Expert ensuring organizational alignment with security best practices, and applicable laws/regulations
- BA or BS in Computer Science, Information Management, or related field
- Working knowledge of risk analysis from a security perspective
- CISSP security certification, preferably supplemented by CISA, CISM, certifications
- At least 10 years of progressive experience in computing and security, including experience with Internet technology and security issues
- Proven ability as a member of a management team and is able to communicate technical and security-related concepts to a broad range of technical and non-technical staff
- Ability to work and effectively prioritize in a highly dynamic work environment
- Experience with log reviews, assisting in audits and risk analysis
- A high level of integrity and trust
- Knowledge of security hardware and software products that comply with current industry standards
- Understanding of technology-related state and federal regulations relating to the Health industry
- Strong working knowledge of NIST Framework, Privacy, and HIPAA requirements.
CSRA is committed to creating a diverse environment and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.