Information Systems Security Compliance Manager 4 - New Delhi, India - Novalink Solutions LLC

    Novalink Solutions LLC
    Novalink Solutions LLC New Delhi, India

    2 weeks ago

    Default job background
    Description
    Job DescriptionPosition Description

    Information Technology (IT) Professionals analyze, develop, implement, maintain, and modify computer operations, systems, networks, databases, applications, and/or information security. Incumbents may perform duties in one or more IT specialization areas depending on the needs of the agency.

    Incumbents perform supervisory duties and manage projects of varying size, scope, and impact to agency operations to include serving as the project leader; planning, organizing, and directing project activities; resolving design conflicts; data administration; resource allocation; contract negotiation; timeline development; critical path tracking; justifying the need for additional resources; and coordination with other work units within and outside the organization as assigned.

    Primary responsibilities will be performing the duties of an Information Security Officer.

    Security functions include but are not limited to:


    Conduct comprehensive assessments of the management in accordance with NIST Risk Management Framework (RFM), operational, and technical security controls employed within or inherited by a system to determine the overall effectiveness of the security controls using NIST and Center for Internet Security (CIS) Controls for DMV ON-PREM and Cloud environments including AWS, Salesforce, and Mulesoft CSPs.


    Generate and maintain required IS security documentation including Systems Security Plans (SSP), Information Assurance Standard Operating Procedures (IA SOP), Continuous Monitoring Plans, Security Control Traceability Matrices, Risk Assessments, Plan of Action & Milestones (POA&M), equipment specifications, practices, and procedures.

    The position will perform security audits and support external agency audits to ensure compliance with state and federal rules in the following areas:


    investigations, security awareness training administration, security access control recommendations, badge access administration, risk assessments, approval authorization, anomalous activity detection alert notifications and incident response, and evaluation of software and hardware recommendations with related cost estimates.


    Maintain day-to-day security posture and continuous monitoring of DMV networks and systems utilizing tools such as Tenable, Symantec, Alteris, Anomali, and Solarwinds in accordance with security policies and procedures.


    Schedule, perform and maintain records of required IS auditing, patching, maintenance, software/hardware changes, and scanning based on evolving threat/vulnerabilities and customer compliance requirements.


    Assess changes to an IS by performing periodic self-inspections for compliance with PCI-DSS, CJIS, and state and federal data privacy requirements, tests, and reviews of the IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed; ensure corrective actions are taken for identified findings and vulnerabilities.

    Minimum Qualifications


    Bachelor's degree from an accredited college or university with major course work in computer science, management information systems, or closely related field and five years of progressively responsible professional IT experience relevant to the duties of the position which may include systems administration, network administration, database administration, applications analysis and development, and/or information security, two years of which were at the advanced journey level or in a supervisory or project management capacity; OR Bachelor's degree from an accredited college or university with major course work in computer science, management information systems, or closely related field and five years of progressively responsible professional IT experience which may include systems administration, network administration, database administration, applications analysis and development, and/or information security, relevant to the duties of the position, two years of which were at the journey level in information security; OR two years of relevant experience as an IT Professional III in Nevada State service; OR an equivalent combination of education and experience as described above.

    Requirements

    Special Requirements

    Current CISSP and PCI-DSS ISA certifications

    A pre-employment criminal history check and fingerprinting are required. Persons offered employment in this position will be required to pay for these items.

    Current AWS Certified Security, Salesforce Cloud Security Engineer (desired)

    Work is with Confidential information and requires ONSITE duties and functions.