Vacancy expired!
- Broad knowledge of information security and privacy fundamentals.
- Knowledge on applying risk management frameworks such as NIST, FISMA, or ISO 27000.
- Knowledge in SSAE 16, SOC 2, Shared Assessments, FedRAMP, and other vender risk assessment methodologies.
- Knowledge on Governance, Risk, and Compliance (GRC) and vendor risk management tools.
- Excellent oral and written communication, ability to convey technical and security related concepts to people at all levels of the organization.
- Proficient in the design and implementation of effective information security controls with minimal oversight.
- Acute attention to detail with a high level of data integrity and accuracy.
- Strong organizational and prioritization skills to handle multiple priorities.
- Exposure to public cloud offerings and building cloud native applications.
- Bachelor's degree in information technology or Computer Science.
- Industry recognized certifications within the domains of information security and privacy (e.g., CISSP, GIAC, CISM, CISA, CIPP, CTPRP, CCSP, etc.).
- 5 years of working in an IT computer related field.
- 3 years of hands-on technical experience in cloud administration.
- 1 year of experience with Cloud Cybersecurity efforts and emerging technology aligned with the Risk Management Framework (RMF).
- The consultant will work with agency staff to properly capture issues and assist with resolution. The consultant will ensure proper follow-up occurs and that all issues are resolved within an estimated timeframe. In addition, the consultant will:
- Keep abreast of the latest security, privacy, and regulatory concerns and best practices impacting third party risk management.
- Advise agency on any changes requested by third parties to security and privacy provisions of agreements or contracts.
- Collaborate with IT project management and operational teams to design secure cloud infrastructure plans and services.
- Perform analysis on the security for all cloud services including but not limited to: AWS, Microsoft Azure, Google, etc.
- Provide subject matter expertise on cloud security, automation and virtualization.
- Develop, document, and validate policies, processes and/or procedures relating to a variety of cloud concepts and standards.
- Develop cloud security metrics to analyze risk and identify potential opportunities to reduce vulnerabilities.
- Collaborate with all parties and city Cyber Command Center to obtain disposition of cloud solution and update agency inventory list.
Vacancy expired!