Thursday, April 17, 2008

Information Assurance Risk Assessment Professional

The candidate will be responsible to lead technical risk assessment efforts working with application and infrastructure subject matter experts from cross-functional teams such as business, database administrators, Unix and Windows system administrators, network engineers and application engineers. Technical Risk assessment is a process for identifying and mitigating technical risks with Application Service Provider (Vendors), that the client plans to partner with.
Communication with business units, other stakeholders
Project management, co-ordination and documentation
Architecture analysis and identification of risks
Technical negotiations with external vendors
Documenting the risks, and help business stakeholders define contractual terms
Required skills:
At least 6 years experience in full life cycle of technology development, at least 3 years should be in lead role. Broad Knowledge of various technologies such as Application Servers, Databases, Unix and Networks, etc . Understanding of information security best practices and standards. Demonstrated ability to manage multiple projects. Excellent communications skills and ability to communicate effectively with technical and business teams.

Desired skills: PMP, CISSP certifications are considered a plus.

Information Assurance Policy / Procedure Writer/Analyst/Engineer

Daily Responsibilities
* Able to create policy based on federal requirements.
* Able to communicate with the customer to develop procedures to comply with existing policy, incorporating currently performed practices.
* Able to augment existing procedures as necessary to meet new policies.
* Able to review, edit, quality check work of team members
* At least 3 years IA experience
Required: Years of experience (min)
Required: Degree
Required: Knowledge
Familiarization with FISMA, NIST, and OMB Information Assurance requirements.  (Specifically NIST SP800-53)
Desired: Skills / Knowledge / Certifications
NIST SP800-53, HSPD-12, SmartCard implementation, Wireless LAN implementation.