Hello,
Here is the requirement for the below position please do respond me with the Updated profile to [email protected] or reach me @ 408-668-8260. *Job Description :* Information Security Risk Analyst responsible for key information security initiatives and develop the client’s Information Risk Management Program related to Security Requirements, Information Security Awareness; and, Information Security Risk Management. The Senior Information Security Analyst will work collaboratively with Internal Audit, IT Compliance, Security Operations and management of Information Security; lead the implementation and maintenance of policies, procedures and protocols needed to support the Information Security Program; and, will be responsible for managing the Security Exception process, working in conjunction with members of the business and technical teams. *Technical Responsibilities: * Hands on experience- Building and implementing Security Risk framework using industry standards (NIST, COBIT etc…) Developing Security policies, procedures and standards but not limited to: User Account Standard - Including categories of user accounts, account types for different environments, account usage requirements Penetration Testing Standard - Including penetration testing requirements and triggers for penetration testing Risk Policy and Process - Including a risk governance policy, process for assessing risks, process for assessing the risk of new programs/activities Creation of Risk Register - Process associated with managing the risk and Risk Register Relevant Years of Experience: 6 to 8 years *Must Have Technical Qualifications: * IT Risk assessment and analysis methodologies Information security industry standards (e.g., ISO 27000 series, NIST, PCI) Risk frameworks and models, risk quantification, risk recording and risk reporting IS audit standards, guidelines and best practices to ensure that business systems are protected Demonstrated ability to communicate effectively both verbally and in writing as evidenced by prior work experience *Must Have Business Qualifications: * Ability to communicate security concepts and practices effectively with staff at all levels of the company, both technical and non-technical Ability to acquire acceptable knowledge and applicability of regulations and their effect on business processes; *Nice to Have Qualifications:* Any Industry recognized certification in Security space e.g. CIRIS, CISSP, ISO General knowledge of HIPAA/HITECH, FISMA, URAC, NIST, Gramm-Leach Bliley, Sarbanes-Oxley and other related security regulations and standards. *Thanks & Regards,* *Naga Vemuri* *IDC Technologies Inc.* 1851 McCarthy Boulevard, Suite 116, Milpitas, CA, USA, 95035. *Ph* - 408-668-8260 *Fax* - 408-608-6088 *Email* - [email protected] <[email protected]> *Gtalk* - *[email protected] <[email protected]>* -- You received this message because you are subscribed to the Google Groups "Open Source J2EE frameworks" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/open-source-j2ee-frameworks. For more options, visit https://groups.google.com/d/optout.
