GRC Consultant
Apply NowCompany: West Advanced Technologies (WATI)
Location: Downey, CA 90242
Description:
GRC Consultant
Downey, CA - Remote
12+ months
Description:
A Security Engineer serves as the security engineer of complex technology implementations in a product-centric environment; is comfortable with bridging the gap between legacy development or operations teams and working toward a shared culture and vision; works to ensure developers create the most secure systems while enhancing the privacy of all system users; and has experience with white-hat hacking and fundamental computer science concepts. The Security Engineer will perform security audits, risk analysis, application-level vulnerability testing, and security code reviews; develop and implement technical solutions to help mitigate security vulnerabilities; and conduct research to identify new attack vectors.
Skills Required:
Security Engineers will possess knowledge and experience in safeguarding sensitive data from cyber-attacks.
Must have a minimum of ten (10) years of experience with developing and implementing technical solutions to help mitigate security vulnerabilities.
Requires the possession of a bachelor's degree in an IT-related or Engineering field. Additional qualifying experience may be substituted for the required education on a year-for-year basis.
Skills Preferred:
Comfortable working under the direction of a Departmental Chief Information Officer or user agency personnel Exhibit skill managing all aspects of risk and compliance of Information Security disciplines while interacting with mid-level officials of similar capacity at the user agency and private sector. Effectively engaging with IT teams, stakeholders, and leadership across the to develop, define and build risk assessment methodology with identified business priorities Perform ongoing education and training in Information Security related areas Possess knowledge and experience in customer service decision-making, flexibility, and interpersonal skills.
Experience managing a Governance, Risk, and Compliance program to achieve full compliance with defined IT Controls, and Security programs, and implementation of IT procedures focused on efficiency, effectiveness, and risk avoidance. Experience in internal audit and the corporate security teams to assess, remediate and prevent information technology risks. Experience with management and reporting of risk and security metrics. Development of IT Strategies and roadmaps to achieve greater security compliance. Provides oversight and project management of various internal and external audits, PCI, HIPAA, and CJIS compliance and risk/ control assessment engagements and regular penetration testing Experience with business process reengineering; cost-benefit analysis; financial management; planning and evaluating Experience with project management; quality assurance, requirements analysis, and risk management. Experience in information resources strategy and planning Knowledge of information technology architecture, information technology performance assessment, and infrastructure design Experience with systems integration; systems life cycle; and technology awareness. Background in IT Security Governance Risk, and Compliance. supporting Enterprise Multi-Tenant environment Experience with security expertise in NIST 800-53 and ISO 270001/2 controls, PCI, HIPAA, and CJIS compliance and helps CSB to create best practice frameworks, policy creation, and business impact analysis Experience in designing and implementing a program's efficient IT policies and procedures. Experience responding, containing, remediating, and reporting on the infrastructure connecting to Public Cloud Providers, such as AWS, Azure, and/or GCP.
The candidate preferred to have one or more of the following professional certifications Qualified Security Assessor (QSA) Certified Information Systems Auditor (CISA) Certified in Risk and Information Systems Control (CRISC). Certified Information Systems Security Professionals (CISSP) Certified Information Security Manager (CISM) Certified Information Privacy Professional (CIPP).
Regards
Naresh Damagalla
West Advanced Technologies, Inc
E: naresh.d@wati.com
Downey, CA - Remote
12+ months
Description:
A Security Engineer serves as the security engineer of complex technology implementations in a product-centric environment; is comfortable with bridging the gap between legacy development or operations teams and working toward a shared culture and vision; works to ensure developers create the most secure systems while enhancing the privacy of all system users; and has experience with white-hat hacking and fundamental computer science concepts. The Security Engineer will perform security audits, risk analysis, application-level vulnerability testing, and security code reviews; develop and implement technical solutions to help mitigate security vulnerabilities; and conduct research to identify new attack vectors.
Skills Required:
Security Engineers will possess knowledge and experience in safeguarding sensitive data from cyber-attacks.
Must have a minimum of ten (10) years of experience with developing and implementing technical solutions to help mitigate security vulnerabilities.
Requires the possession of a bachelor's degree in an IT-related or Engineering field. Additional qualifying experience may be substituted for the required education on a year-for-year basis.
Skills Preferred:
Comfortable working under the direction of a Departmental Chief Information Officer or user agency personnel Exhibit skill managing all aspects of risk and compliance of Information Security disciplines while interacting with mid-level officials of similar capacity at the user agency and private sector. Effectively engaging with IT teams, stakeholders, and leadership across the to develop, define and build risk assessment methodology with identified business priorities Perform ongoing education and training in Information Security related areas Possess knowledge and experience in customer service decision-making, flexibility, and interpersonal skills.
Experience managing a Governance, Risk, and Compliance program to achieve full compliance with defined IT Controls, and Security programs, and implementation of IT procedures focused on efficiency, effectiveness, and risk avoidance. Experience in internal audit and the corporate security teams to assess, remediate and prevent information technology risks. Experience with management and reporting of risk and security metrics. Development of IT Strategies and roadmaps to achieve greater security compliance. Provides oversight and project management of various internal and external audits, PCI, HIPAA, and CJIS compliance and risk/ control assessment engagements and regular penetration testing Experience with business process reengineering; cost-benefit analysis; financial management; planning and evaluating Experience with project management; quality assurance, requirements analysis, and risk management. Experience in information resources strategy and planning Knowledge of information technology architecture, information technology performance assessment, and infrastructure design Experience with systems integration; systems life cycle; and technology awareness. Background in IT Security Governance Risk, and Compliance. supporting Enterprise Multi-Tenant environment Experience with security expertise in NIST 800-53 and ISO 270001/2 controls, PCI, HIPAA, and CJIS compliance and helps CSB to create best practice frameworks, policy creation, and business impact analysis Experience in designing and implementing a program's efficient IT policies and procedures. Experience responding, containing, remediating, and reporting on the infrastructure connecting to Public Cloud Providers, such as AWS, Azure, and/or GCP.
The candidate preferred to have one or more of the following professional certifications Qualified Security Assessor (QSA) Certified Information Systems Auditor (CISA) Certified in Risk and Information Systems Control (CRISC). Certified Information Systems Security Professionals (CISSP) Certified Information Security Manager (CISM) Certified Information Privacy Professional (CIPP).
Regards
Naresh Damagalla
West Advanced Technologies, Inc
E: naresh.d@wati.com