Title:              *Data Security / Privacy Expert*
Duration:        6 Months
Location:        Boulder, CO

*RESPONSIBILITIES:*

•         Partner with Information Security and Risk leadership to develop
strategies and plans to enforce security requirements and address
identified risks.
•         Develop a comprehensive understanding of company-specific data
flow and business processes to enhance data protection capabilities
•         Lead the research, evaluation, design, testing, recommendation
and planning for the implementation of new or updated information security
technologies.
•         Establish collaborative working relationships with the
businesses, functions and regions to ensure that information technology
solutions align with security architecture and business strategy.
•         Partner with Information Security Operations, Risk, Privacy, and
IS Compliance management to define security configuration and operations
standards for security systems and applications, including policy
assessment and compliance tools, network security appliances, and
host-based security systems.
•         Enhance security team accomplishments and competence by planning
delivery of solutions; answering technical and procedural questions for
less experienced team members; teaching improved processes; mentoring team
members.
•         Play an advisory role in application development or acquisition
projects to assess security requirements and controls and to ensure that
security controls are implemented as planned. Recommend remediation
activities and initiate actions to ensure that compliance and security gaps
are successfully addressed.
•         Evaluate and assess Cloud and other third-party security controls
to ensure that the company’s data and infrastructure are adequately protected.
•         Provide second- and third-level support and analysis during and
after security incidents. Assist the security administrators and IS staff
in the resolution of reported security incidents.
•         Research and assess new threats and security alerts and recommend
remedial actions.
•         Support the Information Security and Risk Team initiatives,
including security governance, security requirements analysis, incident
response, assessment facilitation & remediation, and development of
Information Security & Risk Management policies, procedures, and standards
that meet internal and external requirements (e.g. SOx, HIPAA, PCI-DSS,
Data Privacy).
•         Partner with Information Security and Risk leadership in
fostering an information security culture in Global IS through education,
skill development, and implementation of effective information security
processes and practices.
•         Interface with the Project Management teams to ensure security
services are met in all phases of the project management framework.


*PREFERRED QUALIFICATIONS:*

*Professional certifications preferred (e.g. CISSP, CEH, CISA, CISM, etc.)*

•         Significant exposure or understanding of the following concepts,
practices, and technologies:
•         Cyber Defense Frameworks
•         Threat Modeling
•         Incident Management
•         Web Filtering
•         Intrusion Prevention (IPS)
•         Data Loss Prevention (DLP)
•         Network Access Control (NAC)
•         Security Incident & Event Management (SIEM) Systems
•         Syslog
•         Secure Network Design Standards
•         Anti-Malware Solutions
•         Vulnerability and Patch Management
•         Data Capture Analysis
•         Application And Vulnerability Assessment Tools
•         Public Key Infrastructure (PKI)
•         Encryption
•         Identity And Access Control
•         End-Point Protection
•         Virtual Private Networks
•         Virtualization and Containerization
•         Next-Generation Firewalls
•         Knowledge of security & risk frameworks, standards, and best
practices (i.e. PCI, HIPAA, ISO, COBIT)
•         Advanced experience with operating systems like Windows,
Unix/Linux, BSD and iSeries.


*New Updates*

CISSP/CEH/CISA – one of these certifications is required.
Some experience with HIPAA, SOX and other standards is required.
NAC, IPS and DLP are still very much required.

This role covers a wide range of responsibilities.  Following are some
important things you will have to discuss with candidates and see if they
have such experience:
1)    Experience with application security – When a new application is
being developed, the security consultant will have to step in and make sure
the design and architecture and the overall function of the application are
in compliance with the security policies and standards.
2)    Infrastructure Security – When a new application is installed and
used by the organization, the consultant has to make sure the infrastructure
the app uses is in compliance with the policies and standards.  If not,
they will have to devise a solution to make it work.  It might require
upgrades in the infrastructure, and the consultant needs to make sure that
these upgrades are again in compliance with everything.  Some applications
might be using cloud infrastructure, and therefore the consultant needs to have
adequate knowledge of cloud computing and its security.
3)    The consultant should be able to analyse the systems and their security
requirements on a layer-by-layer basis.  Wherever there’s a deficiency in
security, the consultant will have to step in with a plan to bring it on par
with the policies and standards.  After any upgrades, the consultant might
need to create new policies and implement the same.


*Thanks & Regards,*



*Habeeb Rahman*

 50, Cragwood Road | Suite#224 |South Plainfield | NJ-07080

Work: 908-822-8515 Ext: 22 | Fax: 732-909-2191

[email protected] | www.Mutexsystems.com

Mutex Systems is a Minority Business Enterprise certified by NMSDC

