Title: Security Compliance Analyst
Location: Pleasanton, CA; Vacaville, CA
Duration: 12 months with possible extension
Job Summary:
Key Responsibilities:
Develop and maintain security policies and standards based on security frameworks and industry standards including the identification of risk rating for each security control
Provide in-depth security knowledge and consultation when analyzing security risks (e.g., analyzing security-related reports, evaluating security risks, and making recommendations)
Conduct the most complex Risk Assessments (RAs)
Develop/maintain procedures (e.g., RA/BRD/TDD/security defects)
Perform analysis on the most complex Security Incident Response (SIR) tickets as needed
Act as Lead/Co-Lead/Backup on assigned Information Security projects
Train/mentor new and existing security team members on RAs/BRDs/TDDs/security defects (e.g., identifying applicable security risks and mitigating controls; reviewing for adherence to the System Engineering Handbook and Security Policies & Standards)
Attend meetings and represent Information Security on all security matters
Basic Qualifications:
5+ years of information technology experience, including two (2) years of lead/management experience performing a variety of progressively responsible technical and analytical work.
Extensive knowledge of and proven experience with information technology systems and methods of developing, testing and moving solutions to implementation.
Self-motivated, proactive self-starter who works closely and communicates actively with team members to accomplish time-critical tasks and deliverables.
Ability to work collaboratively with other support team members and independently on assigned tasks and deliverables with minimal supervision.
Preferred Qualifications:
Working experience in a highly regulated environment and managing information risks and expectations across multiple stakeholder groups
Working experience with security, policy compliance, and governance frameworks including the NIST SP 800 series, PCI DSS, ISO 27001/27002, ITIL, and COBIT
Ability to think creatively and critically, analyze complex problems, weigh multiple solutions, and select the solution appropriate to the business needs, project scope, and available resources
CISSP and CCFP or equivalent certification desired (e.g., CCE, CHFI).
Other highly desirable security certifications may be substituted for CISSP (e.g., CISA, CISM, etc.).
Experience with LAN/WAN, Internet, proxy/filtering, firewall, VPN, DMZ, and network protocols such as TCP/IP, SNMP, SMTP, NTP, DNS, LDAP, NFS, SMB/Samba, etc.