Hi,
Hope you are doing well. Please review the job below and let me know if you have any consultant matching the skill set below.

Job Description

IRIS' Client, one of the world's largest banks, has an opportunity for a strong Information Security Engineer for a Contract opportunity. As one of the world's largest banks, the Client provides an extensive network, both domestically and internationally, of operations and services in a wide range of banking and financial services.

Position: Information Security Engineer
Location: Jersey City, NJ
Duration: Long Term Contract
Interview: Telephonic

Experience

• 3-5 years of experience in information security
• Financial Services experience, with Top 10 banking preferred
• Experience in either Information Technology/business management or Information Technology audit/compliance preferred, including
  o Executing Risk Assessments related to information security practices and summarizing observations related to findings, control deficiencies, gaps, etc. identified during the Due Diligence exercise and related guidance about required remediation
  o Understanding of variation in Due Diligence required as it relates to Vendor Information Security and the service the Vendor is providing (SSAE16, Network Diagrams, Information Security Policies, User Provisioning, Information Classification Levels, PCI, Industry Self-Assessments, Internet Service Provider Hosting or Processing Data, Cloud Provider)
  o Ensuring that the documented information security practices are effective and are being applied
  o Recommending Risk Mitigation techniques based on the business needs of the enterprise
  o Implementing and managing a short-term Incident Management information gathering or similar process and reporting results on a periodic basis (e.g. utilizing a SharePoint Survey to collect information and report results in a meaningful manner)

Educational Requirements

• Bachelor's Degree with some coursework in Information Technology
• At least 1 Information Security Certification (e.g. CISSP, CRISC, CISM, CISA, etc.)

Responsibilities

The key responsibilities of the Vendor Information Security Risk Consultant will include, but not be limited to:

• Conducting vendor due diligence, participating in follow-up activities with vendors and identifying risks as they relate to the vendor's information security practices
• Conducting product and service risk assessments and determining inherent information security risk for vendor relationships
• Implementing and executing the Vendor Incident Response Process for Information Security Vulnerabilities when required
• Providing written observations to Business about findings, control deficiencies, gaps, etc. identified during the Due Diligence exercise and related guidance about required remediation
• Drafting language for Business should they want to consider leveraging the Risk Acceptance Process
• Supporting requests for review of contract language in vendor agreements
• Identifying policy, process and system issues and proposing enhancements as appropriate
• Building and maintaining strong working relationships with Vendor Risk Administration, Vendor Relationship Managers, Contract Managers and other stakeholders within the company

Technical Skills

• Fundamental understanding of Information Security Risk assessment and analysis methodologies
  o A solid understanding of information security practices and activities and the risk associated with them
  o Ability to analyze Information Security Risks and Controls including identification of mitigating controls
  o Some knowledge of Information security industry standards (e.g., ISO 27000 series, NIST, PCI)
  o Risk quantification, risk recording and risk reporting
• Basic knowledge of Regulatory Requirements pertaining to Vendor Relationships
• Project management techniques
• Experience working with Excel and Microsoft SharePoint

Thanks and Regards,
Chandan
IRIS Software, Inc.
Direct: 732.912.7717 | Fax: 732 393 0035
[email protected] / www.irissoftinc.com
200 Metroplex Drive, Suite 300, Edison, NJ 08817
233 Broadway, 10th Floor, New York, NY 10001
A CMMi, ISO 9001:2008, ISO 27001 Company
Ranked on the Inc 500 list, Deloitte & Touche Fast Technology Companies, and NJ Finest Companies
