Urgent Need || Security Engineer || Hybrid || week on site in DC || USC, GC, H4-EAD, h1b at Remote, Remote, USA
Email: [email protected]
http://bit.ly/4ey8w48
https://jobs.nvoids.com/job_details.jsp?id=1730994&uid=

Good morning,

I have an opening for Senior Technical Info Risk/Azure Cloud Security Consultant at the IMF in DC.

This position is hybrid 3 days a week on site in DC (metro accessible).

The must have skills are technical security working experience with a broad range of Azure services, Microsoft Certified: Cybersecurity Architect Expert, and Advanced working knowledge of Azure Cloud and Microsoft 365 security controls, solutions, and future roadmaps as well as Azure Key Vault, Azure Kubernetes Service, Azure Active Directory, Defender for Cloud, Azure Monitor, Azure API Management, Application Gateway.

With submissions please include managerial references and LinkedIn profiles.

Pure Genuine needed here as client is IMF

Under the general supervision of the Deputy of Governance, Risk, Compliance & Data Security, the Senior Information Risk Consultant will provide information risk management and IT security expertise. The expertise will take the form of risk analysis, consultancy, policy, standards and best practice guidance, and process improvements. The candidate will be required to work with project teams, service providers, and business units internal and external to the company's IT function. The candidate is expected to bring pragmatic risk management experience allowing for the company to meet its present and emergent business needs but in compliance to security policies and standards and within risk appetite. The candidate is expected to advise and influence technology and business personnel regarding the value and methods of safeguarding information, applications, systems, infrastructure, and activities to help ensure that technologies function optimally; work practices are optimized so that the information risks are managed.

Specific Responsibilities Include:

Delivers information security risk assessments (Certification and Accreditation) of projects, new technologies, external service providers, and IT changes. Guides staff and managers on the appropriate risk mitigation strategies.

Effectively communicates requirements and trains staff and managers in IT divisions to identify and manage risks throughout the project lifecycle.

Communicates and reports on risk metrics to IT management and governance groups.

Maintains impartiality around IT systems to produce unbiased reports on information security risk.

Conducts quality assurance reviews of security requirements and audit recommendations for the implementation of identified solutions.

Manages the engagement process of external risk assessment providers and acts as a liaison with internal IT project teams and business units.

Supports the ISO 27001 certification by promoting self-compliance to policies and standards by IT staff and managers. Keeps abreast of international information security codes of practice such as ISO 27001/27002, information security and privacy regulations and how these measures could affect information assets owned by, or administered on behalf of, the company.

Assists with the development of the company's enterprise security architecture standards at the business, information, infrastructure, and application level. Provides subject matter expertise on enterprise security architecture and influences selection of tools and technologies to support the company's security architecture standards.

As an advocate of information security, works closely and proactively with IT project team leaders, service providers, and business units to provide security-related technical solutions. Identifies opportunities to improve business practices or IT security-related processes.

Analyzes, recommends and implements process improvements within the context of information security.

Works closely with IT project teams to develop implementation plans for new security-related products and services.

Coordinates the preparation and presentation of user technical support and training materials to ensure the efficient, effective and secure use of information and communications technology.

Coordinates and supports the work of security governance.

Prioritizes, monitors, and assesses compliance and audit recommendation results to ensure they are comprehensive, robust, and of high quality.

Experience Should Include:

Having worked as or have experience of Information Risk Management at organizations with regulatory compliance requirements

Implementation of Vendor Risk Assessment frameworks

Demonstrated IT Security expertise in infrastructure areas, network, applications, and database system technologies including endpoints

Assisted and taken part in delivering Enterprise Security Architecture principles, service management concepts and experience with use of quality assurance tools and techniques

Delivered improvements in Application Security processes, and vulnerability minimization techniques

General infrastructure Vulnerability Management

Incident response process

Application of project management and systems development methodologies, and managing IT administrative and capital development project budgets

Delivery of Security awareness initiatives

Knowledge of administrative rules and regulations, processes, and technology capabilities

Education:

Advanced degree in Information Security and minimum 5 years experience in regulated industries working as an information risk manager or as an IT Security Architect.

Assisting in the delivery of an IT Security Strategy and Architecture

Delivery of Information Security Risk and architecture assessments including consulting on threat modeling, appropriate tiering of N tier applications, placement, and infrastructure controls to protect application components. Able to consult and review the implementation of authentication (SSO, LDAP, AD), authorization (fine grained and coarse grained), and cryptography (PKI, SSL, Kerberos, crypto algorithms) mechanisms within applications.

Experience with Identity and Access management suite integration, Web services (SAML, WS-Federation and WS-Security), and SOA security.

Defining the policies, standards, and guidelines for Information Security activities including Application and Infrastructure Security Vulnerability management and ensuring Application Security is integrated into SDLC.

Ability to consult and deliver standards and guidelines on the hardening of application and infrastructure components, tools and techniques to ensure the security of application and infrastructure components such as Linux/Windows servers, Web servers (IIS, Apache, Tomcat), app servers, Databases (Oracle and MS SQL), endpoints (Mac, Windows, Apple iOS, Blackberry etc), ArcSight, and Web Application Firewalls.

Manage and review the output of Application and Infrastructure Security assessments conducted by external security services firms. Defining process and procedures for using External security service providers including scoping, management of services, remediation tracking, and exception management

Knowledge of OWASP, WASC, SANS, CVE, and CVSS (Threat & Vulnerability classification).

General Security:

ISO 27001: knowledge, implementation, and management

Risk management concepts and principles - including assessment, prioritization, delivery of treatment plans, tracking, reporting, and metrics (accreditation and certification). Experience with NIST-SP800-30, ISO/IEC 27005, OCTAVE, COSO, COBIT

Embedding security into processes such as SDLC, Project Lifecycle, ITIL, etc.

Basic project management and consultancy skills

Infrastructure security (perimeter, network, application, operating system, mobile device)

Knowledge of security solutions, latest threats, and countermeasures

SharePoint

Knowledge of information risk/security frameworks

Certifications (minimum of 2 preferred):

CISSP (minimum)

GIAC, GSSP-NET, GWAPT, GPEN (preferred)

CISM (preferred)

Thanks and Regards

Abhishek Tripathi

Senior US IT Recruiter | Pransu Tech Solutions

Office: 1010 Continental Ave, Canton, MI 48188

Email:
[email protected]

Hangouts:
abhishek@[email protected]

Keywords: active directory information technology microsoft Michigan
08:22 PM 09-Sep-24