Reference #: 19-01205
Title: Security Control Assessor 3
Experience Level: (not specified)
Start Date / End Date: 02/03/2020 / 02/06/2021

Description

Note: See Additional Position Information document for specified requirements for the advertised position.
The role of the Security Control Assessor is to apply and understand principles, policies and procedures that enable an organization to meet applicable information and cyber security laws, regulations, standards and policies to satisfy statutory requirements, perform industry-wide best practices and achieve information and cyber security program goals. Understands, assesses and supports policies and procedures implemented to verify organizational compliance with applicable laws, regulations and/or departmental requirements. Assesses the operational, assurance and technical security controls implemented on information systems via security testing and evaluation (ST&E) methods.
Education & Applicable Fields:
Bachelor's Degree in Computer Science, Information Technology or a directly related technical discipline is highly preferred.
Education & Experience Requirements:
A degree in Computer Science, Information Technology or a closely related field is preferred.
- With a Bachelor's Degree in applicable fields: 6 years of experience is required
- With an Associate's Degree in applicable fields: 8 years of experience is required
- Without a Degree: 10 years of experience in Computer/Information Technology or a related field is required
- Applicable certifications may count as 1 year of experience
- Experience must include direct work experience conducting assessments of compliance and operational and technical security controls employed within or inherited by an Information System to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system).
Typical tasks may include but are not limited to:
- Perform risk analyses so that appropriate countermeasures can be developed.
- Conduct security audits to identify potential vulnerabilities related to physical security, staff safety or asset protection.
- Assess operational, assurance and technical security controls implemented on an information system via security testing and evaluation (ST&E) methods.
- Understand and assess policies and procedures implemented to protect all categories of information and to verify compliance with applicable laws, regulations and/or departmental requirements.
- Recommend improvements in security systems or procedures.
- Plan, implement, upgrade or monitor security measures for the protection of computer networks and information.
- Maintain, monitor, control and protect IT infrastructure and the information residing on such infrastructure.
- Perform a wide variety of data collection, analysis, reporting and briefing activities associated with security operations and maintenance to verify that security policies are implemented and maintained on information systems.
- Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
- Review violations of security procedures and discuss procedures with violators to verify that violations are not repeated.
- Monitor current reports of computer viruses to determine when to update virus protection systems.
- Perform risk assessments and execute system tests to verify that adequate security measures are in place.
- Assess the effectiveness of the risk management program, including mitigation strategies.
- Modify computer security files to incorporate new software, correct errors, or change individual access status.
- Plan, implement, upgrade or monitor security measures for the protection of computer networks and information.
- Train users and promote security awareness on system security.
- Provide security incident handling, response and follow-up, as well as documentation.
- Respond to computer security breaches and viruses.
- Develop documentation of testing and evaluation activity in order to arrive at logical and comprehensive conclusions and recommendations.
- Review violations of computer security and emergency measures, policies, procedures and tests.
- Document computer security and emergency measures, policies, procedures and tests.
- Confer with users to discuss issues such as computer data access needs, security violations and programming changes.
- Monitor use of data files and regulate access to safeguard information in computer files.
- Coordinate implementation of computer system plans with management and outside vendors.
- Recommend improvements in security systems or procedures.
- Provide system design and integration recommendations.
- Assess the nature and level of threats so that the scope of the problem can be determined.
- Respond to emergency situations on an on-call basis.
- Recommend the value-loss impact and criticality of assets.
- Encrypt data transmissions and deploy firewalls to protect confidential information while it is being transmitted and to keep out tainted digital transfers.
- Provide project management technical expertise for assigned projects.