Hi,

Hope you are doing well,



Please go through the requirement and send your resume to *[email protected]
<[email protected]>* , 972-497-2508.

*RISK ASSESSMENT MANAGER - WASHINGTON, DC*

*W2 or 1099 only *

*5 year contract in Washington, DC.*

*Local candidates will be considered first.*

*Next non-Local candidates that are willing to drive to Washington, DC for
F2F interview*

Must have PERFECT communication skills.



*Specific responsibilities include:*

- Delivers information security risk assessments (Certification and
Accreditation) of projects, new technologies, external service providers,
and IT changes.
- Guides staff and managers on the appropriate risk mitigation strategies.
- Effectively communicates requirements and trains staff and managers in IT
divisions to identify and manage risks throughout the project lifecycle.
- Communicates and reports on risk metrics to IT management and governance
groups.
- Maintains impartiality around IT systems to produce unbiased reports on
information security risk.
- Conducts quality assurance reviews of security requirements and audit
recommendations for the implementation of identified solutions.
- Manages the engagement process of external risk assessment providers and
acts as a liaison with internal IT project teams and business units.
- Supports the ISO 27001 certification by promoting self-compliance to
policies and standards by IT staff and managers.
- Keeps abreast of international information security codes of practice
such as ISO 27001/27002, information security and privacy regulations and
how these measures could affect information assets owned by, or
administered on behalf of, the client.
- Assists with the development of the enterprise security architecture
standards at the business, information, infrastructure, and application
level.
- Provides subject matter expertise on enterprise security architecture and
influences selection of tools and technologies to support the security
architecture standards.
- As an advocate of information security, works closely and proactively
with IT project team leaders, service providers, and business units to
provide security-related technical solutions.
- Identifies opportunities to improve business practices or IT
security-related processes.
- Analyzes, recommends and implements process improvements within the
context of information security.
- Works closely with IT project teams to develop implementation plans for
new security-related products and services.
- Coordinates the preparation and presentation of user technical support
and training materials to ensure the efficient, effective and secure use of
information and communications technology.
- Coordinates and supports the work of security governance.
- Prioritizes, monitors, and assesses compliance and audit recommendation
results to ensure they are comprehensive, robust, and of high quality.




*Skills:*
- Familiarity with a broad range of technologies supplemented by in-depth
knowledge in specific areas of relevance.
- Ability to quickly grasp how new technologies work and how they might be
applied to achieve business goals.
- Analytical skills that enable synthesis of inputs from many sources, and
allow for strategic thinking and tactical implementation.
- Interpersonal skills that create openness and trust among colleagues.
- Facilitation and conflict management skills that enable effective working
relationships.
- Spoken and written communications that are compelling, convincing and
reassuring, and skills to articulate complex technical ideas to
non-technical stakeholders.
- Pragmatic security expert with an inherent ability to balance security
demands with business reality.
- Excellent relationship management skills.
- Ability to multi-task.
- Ability to think laterally and to have input to / propose detailed,
complex solutions to technical issues.



*Technical knowledge: Information Risk and IT Security:*
- Assisting in the delivery of an IT Security Strategy and Architecture.
- Developing and presenting IT security awareness training.
- Delivery of Information Security Risk and architecture assessments
including consulting on threat modeling, appropriate tiering of N-tier
applications, placement, and infrastructure controls to protect application
components.
- Able to consult on and review the implementation of authentication (SSO,
LDAP, AD), authorization (fine-grained and coarse-grained), and
cryptography (PKI, SSL, Kerberos, crypto algorithms) mechanisms within
applications.
- Experience with Identity and Access management suite integration, Web
services (SAML, WS-Federation and WS-Security), and SOA security.
- Defining the policies, standards, and guidelines for Information Security
activities including Application and Infrastructure Security Vulnerability
management and ensuring Application Security is integrated into SDLC.
- Ability to consult on and deliver standards and guidelines on the hardening
of application and infrastructure components, and on tools and techniques to
ensure the security of application and infrastructure components such as
Linux/Windows servers, web servers (IIS, Apache, Tomcat), app servers,
databases (Oracle and MS SQL), endpoints (Mac, Windows, Apple iOS,
BlackBerry, etc.), ArcSight, and Web Application Firewalls.
- Managing and reviewing the output of Application and Infrastructure Security
assessments conducted by external security services firms. Defining processes
and procedures for using external security service providers, including
scoping, management of services, remediation tracking, and exception
management.
- Ability to perform and consult on whitebox and blackbox application
security assessments.
- Familiarity with code to the level of being able to conduct source code
analysis for applications developed in C#, .NET, and Java.
Experience using manual penetration assessment techniques as well as
commercial/open-source secure application development tools/products, such
as Fortify, WebInspect, Core Impact, and AppScan (includes ability to identify
false positives in the output of automated tools).
- Knowledge of OWASP, WASC, SANS, CVE, and CVSS (Threat & Vulnerability
classification).


*Certifications:*
- CISSP (minimum)
- CISA
- GIAC, GSSP-NET, GWAPT, GPEN
- CISM
- ISO Lead Auditor


-- 

*Thanks & Regards,*

*Nithyanandam Ponna  *

*[email protected] <[email protected]>    **Contact :
972-497-2508*

*Techstar Consulting Inc.*
www.techstargroup.com<http://www.techstarconsultinginc.com/>

1300 West Walnut Hill Lane, Suite 252, Irving, TX 75038   Fax: 214-292-8874


Yahoo IM / G Talk  : mailnithyamail         Alternate mail:
[email protected] <[email protected]>

Linked IN:  http://www.linkedin.com/pub/nithyanandam-ponna/6b/aba/458

*Note: This is not an unsolicited mail. If you are not interested in
receiving our e-mails then please click "Remove" <[email protected]>*

-- 
You received this message because you are subscribed to the Google Groups 
"US_IT_ Jobs" group.