Senior Cyber Security Risk Management Analyst – (Database/Applications)
Ref No.: 18-00687
Location: San Diego, California
Full Time Position / W2 only (US Citizen only)
Location: Orlando or San Diego
Job Description:
As the Cyber Security Risk Management Analyst, you will report to the Director of Compliance and Risk Management within the office of the CISO. The analyst serves as the Cyber Security point of contact in support of the IT portfolio of projects and supplier security evaluations, participates in analysis of alternatives workshops, and provides security consultation with regard to company policies and security best practices. Other responsibilities include:
  • Present security recommendations for complex programs & sourcing decisions
  • Perform system security evaluations on suppliers and vendor products by following prescribed security evaluation criteria
  • Provide input to regularly scheduled platform and project specific meetings
  • Produce quality system security risk assessment reports
Required Qualification:
  • At least 8-10 years of related experience
  • Education: Bachelor’s Degree in related field
  • Professional Security Certifications through DoD, ISC2, ISACA or CompTIA preferred
  • Must have solid work experience with successful teaming environments
  • Self-starter with proven initiative and developed listening skills
  • Demonstrate timely task completion involving solid organizational skills, task tracking, follow-up, and productive peer interaction
  • Possess strong technical writing, verbal and presentation skills
  • Demonstrated success leading and conducting senior-level security risk analysis, specifically Threat Modeling involving system decomposition, threat and vulnerability discovery, and mitigation
  • Worked with Security Development Lifecycle (SDL)
  • Experience working in Windows, RHEL, and database environments:
    • Active Directory: Domains and Forests
    • Securing common services (Domain Controllers, DNS, Terminal, DHCP, WINS, Routing and Remote Access)
    • Strong knowledge of protocol design, network topologies and perimeter security devices (proxies, IPS, IDS, Firewall and packet analyzers) and network security design
    • Implementing Group Policy
    • Rights Management Services
    • Oracle and MS SQL database security architecture
  • Working knowledge of Security Standards/Controls specified under various IT governance and compliance models (NIST, ISO 27001&27002, ITIL, COBIT):
    • Applications and Systems Development Security
    • Security Management Practices
    • Access Control
    • Security Architecture and Modeling
    • Telecommunications
    • Network Security
    • Cryptography (PKI)
    • Operations Security
    • Physical Security Controls
    • Business Continuity Planning and Disaster Recovery
  • Incident Response
  • Governance/Law (SEC, HIPAA, PCI, SOX, FISMA, DFAR, NIST 800-171), Investigation, Ethics
Desired Qualification:
  • Individual contributor: must perform with limited supervision
  • Technical writing: comfortable writing reports for senior management
  • Organizational: understanding of corporate enterprise IT solutions
  • Knowledge of IT governance and compliance models
  • Knowledge of IT Security Controls
  • Knowledge of IT Security provisioning (ISC2/ISACA/CompTIA certs are a plus)
  • Experience in the Windows, Linux, Database or Application environments
  • Knowledge of any ERP security architecture, features and functionality