Senior Specialist - Risk Assessment

ComputaCenter TeraMach proudly supports a variety of clients in delivering critical cyber architecture initiatives.

The Specialist is required to provide expertise in cyber architecture and assist with the planning and execution of assigned projects.

Standard responsibilities include:

1. Perform threat modeling exercises and security control design analysis, architecture and design reviews, coordinating with stakeholders to integrate secure-by-design principles.
2. Assist in establishing cyber strategy and architecture standards for new developments.
3. Engage with technology teams across the organization to align on key projects and initiatives; develop strategy and cyber architecture execution roadmaps.
4. Create solutions balancing business requirements with information and cyber security needs.
5. Evaluate projects, systems, applications, networks, and tools for compliance with cyber and architecture standards.
6. Provide subject matter expertise/support for RFP design and evaluations, as directed.
7. Conduct other cyber-related risk assessments and security reviews as directed by management.

• Must have experience writing detailed risk assessment reports and presenting to senior leaders (8+ years). Must be prepared to provide written sample reports.
• Expert knowledge of application, infrastructure, and system security controls (8+ years).
• Hands-on experience conducting security risk assessments (10+ years).
• Experience reviewing application vulnerability assessments and penetration tests (5+ years).
• Current experience in cloud security and evaluating/reviewing RFPs for cloud services such as AWS and Salesforce in a public sector environment.
• Experience working in the government/public sector (4+ years).
• Experience implementing security policies, procedures, and processes (4-8 years).
• Current experience with external contracts/vendor RFPs (both cloud and on-premise): security requirements, evaluation, due diligence, and review (5+ years).
• Strong understanding of vulnerability frameworks like CVSS and OWASP Top 10.
• Strong understanding of internet security, networking protocols, and internal control frameworks.
• Professional designations such as CISSP, CISA, CISM, CRISC, CCSP, or PMP.
• Current government security clearance is desirable.
• Advanced knowledge of security standards such as ISO 27001/27002, CIS, NIST, ISO 27018, COBIT, and cloud security frameworks.