Cyber Security Governance / Compliance Professional

Access Talent Today, LLC - Richmond, VA

Seeking a Cyber Security Policy Professional to join a team supporting a Multi-year contract serving the Commonwealth of Virginia (COV) as a “multisourcing service integrator” (MSI). Provide an innovative approach to assist the Virginia Information Technologies Agency (VITA) with modernizing the state’s technology infrastructure. Coordinate and monitor multiple IT infrastructure services suppliers for state executive branch agencies. The MSI is the cornerstone of a strategy that will diversify the state’s portfolio of suppliers, improve service delivery quality, ensure cost-competitiveness, and provide transparency and accountability into the commonwealth’s service delivery platform.

 

Essential duties of this position:

  • Review and assess system security plans (SSPs), IT architectural designs and other documentation for:
    • Compliance with COV Security Policies, Standards, and Guidelines
    • Use of industry best practices
    • Compatibility with COV Enterprise Architecture
    • Cyber risk and potential vulnerabilities
    • Long term ability to minimize vulnerability and risk to the COV
  • Provide cybersecurity and cyber-architectural guidance and recommendations to COV, VITA, other suppliers in MSI program, enterprise architects, and others associated with the MSI program
  • Develop and maintain a holistic understanding of COV cyber and IT architecture and requirements across multiple suppliers and agencies
  • Develop, maintain, and improve security architecture-related processes, procedures, templates, and training
  • Work with multiple suppliers to develop hardening standards
  • Actively participate in continual service improvement process for security architecture

 

Knowledge / Skills / Abilities

  • Excellent understanding of cybersecurity laws, principles, controls, frameworks, and standards
  • General understanding of cyber risk management, security audit, security incident handling, threat analysis, enterprise architecture, identity governance, system administration, network engineering
  • Ability to read, assess, and write large quantities of technical documentation
  • Ability to communicate with and effectively explain complex, technical information to others at all levels, from non-technical, to highly technical, to executive
  • Excellent written and verbal communication skills
  • Excellent attention to detail and organizational skills
  • Ability to take general goals and determine a specific course of action
  • Ability to work independently and with a team
  • Knowledge of cloud services, both GOV and Commercial, including: Azure, AWS, Oracle Cloud Infrastructure, Google G Suite, Okta, Box, Salesforce, ServiceNow
  • Knowledge of Microsoft server operating systems and applications, and multiple Linux variants required
  • Knowledge of CyberArk Privileged Access Security, SailPoint IdentityIQ, Splunk, Nessus tenable.sc, RSA Archer, McAfee enterprise security products preferred

 

Qualifications

  • Bachelors and five (5) years or more experience; Masters and three (3) years or more experience; in lieu of a degree, four (4) additional years or related experience may be considered.
  • ITIL v3 Foundation (or above) certification preferred
  • Security certifications preferred (CISM, CISSP, or similar)
  • Must be US Citizen
  • Must be able to pass the COV background check


Posted On: Wednesday, May 6, 2020



Apply to this job
  • Additional Information