Overview
ComputaCenter TeraMach proudly supports a variety of clients in delivering critical cyber architecture initiatives.
Responsibilities
The Specialist is required to provide expertise in cyber architecture and assist with the planning and execution of assigned projects.
Standard responsibilities include:
- Perform threat modeling exercises, security control design analysis, and architecture and design reviews, coordinating with stakeholders to integrate secure-by-design principles.
- Assist in setting cyber strategy and architecture standards for new developments.
- Engage with technology teams across the organization to build alignment on key projects and initiatives; develop strategy and cyber architecture execution roadmaps.
- Create solutions that balance business requirements with information and cyber security requirements.
- Evaluate projects, systems, applications, networks, and tools for compliance with cyber and architecture standards.
- Provide subject matter expert support and consultation for RFP design and evaluations, as directed.
- Conduct other cyber-related risk assessments and security reviews as directed by management.
Qualifications
- Must have experience writing detailed risk assessment reports and presenting to senior leaders (8+ years). Must be prepared to provide written sample reports.
- Expert knowledge in application, infrastructure, and system security controls (8+ years).
- Hands-on experience conducting security risk assessments (10+ years).
- Experience conducting and reviewing application vulnerability assessments and penetration tests (5+ years).
- Current experience in cloud security and the evaluation/review/RFP of cloud-based services such as Amazon Web Services and Salesforce in a public sector environment.
- Experience working in the government/public sector (4+ years).
- Experience implementing security policies, procedures, and processes (4-8 years).
- Current experience in external contract/vendor RFPs (both cloud and on-premise): security requirements, evaluation, due diligence, and review (5+ years).
- Strong understanding of common vulnerability frameworks (CVSS, OWASP Top 10).
- Strong understanding of internet security, networking protocols, and internal control frameworks.
- Professional designations such as CISSP, CISA, CISM, CRISC, CCSP, or PMP.
- Current government security clearance is desirable.
- Advanced knowledge of security standards such as ISO 27001/27002, CIS, NIST, ISO 27018, COBIT, and cloud security frameworks.