Senior Specialist - Risk Assessment

ComputaCenter TeraMach proudly supports a variety of clients in the delivery of critical cyber architecture initiatives.

The Specialist is required to provide expertise in cyber architecture area and assist with the planning and execution of assigned projects.

Standard responsibilities include :

• Perform threat modeling exercise and security control design analysis, architecture and design reviews, coordinating with various stakeholders to integrate secure by design principles
• Assist in setting the cyber strategy and architecture standards for new developments
• Engage with technology teams across the organization to build alignment on key projects and initiatives; and develop strategy and cyber architecture execution roadmaps
• Create solutions that balance business requirements with information and cyber security requirements
• Evaluate projects, systems, applications, network and tools for compliance to cyber and architecture standards
• Provide subject matter expert support / consultation to RFP design and evaluations, as directed
• Other cyber related risk assessments and security reviews as directed by management

• Must have experience writing detailed risk assessment reports and presenting to senior leaders (8+ years) – Must be prepared to provide written sample reports
• Expert knowledge in Application, Infrastructure and System security controls(8+ years)
• Hands-On Experience conducting security risk assessment (10+years)
• Experience conducting and reviewing application vulnerability assessment / penetration tests (5+years)
• Current experience in Cloud Security and the evaluation / review / RFP of cloud based service such as Amazon Web Services, Salesforce in a public sector environment
• Experience working in the government / public sector (4+ years)
• Experience implementing Security policies, procedures and processes (4-8 years)
• Current experience in external contract / vendor RFP (both Cloud and on Premise) : security requirements, evaluation, due diligence and review (5+ years)
• Strong understanding of common vulnerability frameworks (CVSS, OWASP Top 10).
• Strong understanding of Internet security, networking protocols and Internal Control Frameworks.
• Professional designation in at least two of the following CISSP, CISA, CISM, CRISC, CCSP or PMP
• Current Government Security Clearance is desirable
• Advanced knowledge of security standards such as ISO 27001 / 27002, CIS, NIST, ISO 27018, COBIT and Cloud security frameworks