Computer Consultants International, Inc., Jackson, MS
A full-time IT Security Officer (ITSO) to perform the tasks below and lead the development and maturation of the agency's enterprise-wide cybersecurity posture:

a. Developing and maintaining agency-specific security plans, policies, and procedures.
b. Interacting with ITS as the primary contact for security-related issues.
c. Ensuring that the agency adheres to the State of Mississippi Enterprise Security Policy.
d. Participating in the state information security listserv.
e. Researching the IT industry for security-related issues and how they affect the agency specifically.
f. Monitoring security issues within the agency's IT resources.
g. Facilitating the State Auditor's Information Systems Audit and the Third-Party Risk Assessment.

The ITSO will also be responsible for leading and coordinating the security effort among all of the agency's vendors and systems. The role requires a combination of technical skill sets, including an in-depth understanding of architecture, security, and privacy, as well as proficiency in written and verbal communication. The ITSO must also maintain a strong understanding of risk management and governance practices and the use of risk management methodologies. The ITSO is responsible for strengthening and maintaining the agency's information security program, including hands-on execution and day-to-day management of the enterprise network, as well as responsibility for all aspects of IT security audits.

1.1 Security Framework, Security Planning, and Regulatory Expertise
1.1.1 Implement a security framework for AGENCY that will enable the agency to maintain compliance with federal and state security regulatory requirements and security controls.
1.1.2 Map processes, policies, procedures, and appropriate documentation to the appropriate security controls within the security framework.
1.1.3 Maintain in-depth knowledge of the AGENCY technical environment and ensure that ongoing security controls are maintained in accordance with regulatory requirements and industry best practices.
1.1.4 Keep abreast of the ever-changing security technology in computer systems, network environments, and telecommunication products, including federal and state security protocols such as NIST and the Information Technology Services (ITS) Enterprise Security Policy.
1.1.5 Provide subject matter network and technical expertise in the acquisition/procurement, implementation, configuration, and management of various security products, including but not limited to GRC systems, Managed Security Services, IDS/IPS, firewalls, and email/web filtering devices, as well as other security appliances, hardware, and software.
1.1.6 Provide subject matter security expertise across all AGENCY projects to ensure security and privacy compliance with state and federal requirements.
1.1.7 Evaluate technical architecture in multiple environments and make recommendations based on regulatory compliance, best practices, and experience.
1.1.8 Ensure that the agency's information systems enterprise security planning efforts encompass disaster recovery and business continuity.
1.1.9 Establish security priorities, in collaboration with appropriate AGENCY and vendor personnel and the AGENCY
1.1.10 Represent Information Security at senior leadership meetings and as a member of the Information Security Management Council (ISMC).

1.2 Security Policies and Documentation
1.2.1 Conduct an annual review of security policies and update them as needed.
1.2.2 Analyze and refine existing security policies as needed to maintain compliance.
1.2.3 Create additional policies as necessary to address all the control families within the security framework.
1.2.4 Create and maintain standard contractual language concerning security requirements for use in competitive instruments and contracts.
1.2.5 Direct and participate in the preparation and maintenance of reports, policies, processes, procedures, and audit logs, and in the gathering of evidence as necessary to carry out the information security functions of AGENCY.
1.2.6 Prepare regular reports for management, as necessary or requested, to track strategic goals related to the information security posture of AGENCY.
1.2.7 Review security documentation and deliverables submitted by agency partners and provide guidance and feedback as necessary to protect the agency's confidential information and maintain compliance with state and federal regulations.
1.2.8 Coordinate with AGENCY vendors and staff in writing security-related documentation and reports for other state and federal entities, including Advanced Planning Documents, Plans of Action and Milestones (POAMs) reports to governmental agencies, Safeguard Security Reports, and System Design Plans.
1.2.9 Update and maintain the System Security Plans (SSPs) and coordinate other vendors' updates to the SSP for each system.

1.3 Data Classification / Access Control
1.3.1 Establish and maintain system inventories and data classification protection profiles, and assign control element settings for each category of data for which AGENCY is responsible.
1.3.2 Ensure that access to confidential information within the AGENCY enterprise systems follows regulatory requirements, and that access is terminated immediately upon the departure of staff members.
1.3.3 Periodically review and reconcile the active users in AGENCY systems against the terminated and new hire employee lists provided by Human Resources, to ensure that users have the minimum access necessary to perform their job duties and that terminated employees are removed from systems in a timely manner.
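One way to carry out the reconciliation described in 1.3.3 in code. This is an added example, not text or code from the posting or from the agency: the record layout, the sample account export, the HR lists, the list of privileged roles and the one-day removal SLA are all assumptions made for illustration. It compares an exported list of active accounts with the HR roster and reports three things a reviewer acts on: accounts of terminated staff that are still enabled (with how far past the SLA they are), accounts with no HR identity behind them that are not declared service accounts, and accounts holding privileged roles that need a least-privilege justification.

```python
"""Periodic access review: reconcile a system's active accounts against HR.

Added example, not from the job posting. The record layout, sample data,
privileged-role list and the 1-day removal SLA are assumptions.
"""
from dataclasses import dataclass, field
from datetime import date

# Constructed sample export of one system's active accounts.
ACTIVE_ACCOUNTS = [
    {"employee_id": "E100", "username": "jsmith", "roles": ["user"]},
    {"employee_id": "E101", "username": "adoe", "roles": ["user", "db_admin"]},
    {"employee_id": "E102", "username": "rlee", "roles": ["user"]},
    {"employee_id": None, "username": "svc_backup", "roles": ["backup_operator"]},
    {"employee_id": "E999", "username": "tmp_contractor", "roles": ["user"]},
]

# Constructed sample HR roster (active plus recently terminated staff).
HR_ROSTER = {
    "E100": {"status": "active", "termination_date": None},
    "E101": {"status": "terminated", "termination_date": date(2024, 3, 1)},
    "E102": {"status": "active", "termination_date": None},
}

# Accounts that legitimately have no HR record; anything else without one is an orphan.
KNOWN_SERVICE_ACCOUNTS = {"svc_backup"}
# Roles that warrant an explicit least-privilege justification at each review (assumed list).
PRIVILEGED_ROLES = {"db_admin", "domain_admin", "backup_operator"}
REMOVAL_SLA_DAYS = 1  # assumed policy: access gone within one day of departure


@dataclass
class ReviewFindings:
    terminated_still_active: list = field(default_factory=list)  # (username, days past SLA)
    orphan_accounts: list = field(default_factory=list)          # usernames with no HR record
    privileged_accounts: list = field(default_factory=list)      # usernames holding privileged roles

    def is_clean(self) -> bool:
        """True when no removal action is required (privileged review is informational)."""
        return not self.terminated_still_active and not self.orphan_accounts


def review_access(accounts, roster, service_accounts, review_date):
    """Compare active accounts with the HR roster as of review_date."""
    findings = ReviewFindings()
    for acct in accounts:
        name = acct["username"]
        emp = roster.get(acct["employee_id"]) if acct["employee_id"] else None

        if emp is None:
            # No HR identity behind this account: acceptable only for declared service accounts.
            if name not in service_accounts:
                findings.orphan_accounts.append(name)
        elif emp["status"] == "terminated":
            # Still enabled after departure; report how far past the removal SLA it is.
            elapsed = (review_date - emp["termination_date"]).days
            findings.terminated_still_active.append((name, max(0, elapsed - REMOVAL_SLA_DAYS)))

        if PRIVILEGED_ROLES.intersection(acct["roles"]):
            findings.privileged_accounts.append(name)

    # Deterministic ordering makes the report diff-able between review cycles.
    findings.terminated_still_active.sort()
    findings.orphan_accounts.sort()
    findings.privileged_accounts.sort()
    return findings


def run_sample_review(review_date=date(2024, 3, 10)):
    """Run the review over the constructed sample data."""
    return review_access(ACTIVE_ACCOUNTS, HR_ROSTER, KNOWN_SERVICE_ACCOUNTS, review_date)


if __name__ == "__main__":
    f = run_sample_review()
    print("terminated but still active:", f.terminated_still_active)
    print("orphan accounts:", f.orphan_accounts)
    print("privileged accounts to justify:", f.privileged_accounts)
    print("clean:", f.is_clean())
```

In practice the two inputs would be the system's own account export and the HR extract for the cycle; the review is only as good as the join key between them, so the employee identifier should be populated on every human account at provisioning time, and the service-account allow list should itself be reviewed, since it is the one place an orphan can hide.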
1.4 Workforce Security Training and Collaboration with AGENCY Offices and the Agency's Business Partners
1.4.1 Establish and maintain a security awareness program for the agency's workforce, including roles with access to Personally Identifiable Information (PII) and Federal Tax Information (FTI).
1.4.2 Manage the agency's security training efforts.
1.4.3 Foster a culture of security among the agency's workforce.
1.4.4 Promote the ongoing goal of increasing the overall security and privacy posture of the agency's enterprise, covering on-premises as well as vendor-hosted and vendor-managed systems.
1.4.5 Coordinate security activities between other business units within the agency, vendors, partners, and state and federal agencies.
1.4.6 Establish and manage a security/compliance committee comprising a representative cross-section of AGENCY stakeholders.
1.4.7 Collaborate with Legal, Privacy, Human Resources, OHIT management and staff, and other personnel as appropriate in matters relevant to information security.
1.4.8 Coordinate and collaborate extensively with the AGENCY

2 Refine, strengthen, and maintain a security governance, risk management, and compliance program encompassing operational, procedural, technical, architectural, and physical access components.

2.1 Risk Management
2.1.1 Ensure that the agency, partners, and vendors meet or exceed all AGENCY security and privacy requirements and contractual obligations related to information security, and that any risks or deficiencies are documented and a corrective action plan is agreed upon and followed.
2.1.2 Evaluate technical systems and generate written reports documenting vulnerabilities, configuration deficiencies, design defects, or other risks to the security of AGENCY information systems environments, along with engagement findings.
2.1.3 Biannually conduct risk analyses of all systems involved in compliance with federal regulations to identify and implement necessary safeguards.
2.1.4 Perform and coordinate risk analysis tasks related to the security and privacy of the agency's enterprise IT environment, including risk mitigation plans, risk prioritization, and the elimination or minimization of risks.
2.1.5 Manage the agency's Security Risk Strategy.

2.2 Compliance
2.2.1 Monitor and advise OHIT and the Office of Data Governance in creating the contractual security and privacy requirements for partners and vendors, for compliance with federal, state, and OHIT policy, regulatory, and legal requirements.
2.2.2 Perform network-based infrastructure scans, database scans, web application scans, and penetration tests when necessary to determine that the agency's technical environment meets security control requirements.
2.2.3 Identify security vulnerabilities and ensure the agency's compliance with major security guidelines such as NIST and other applicable security safeguards.
2.2.4 Regularly assess threat levels and recommend needed adjustments to existing security policies. Work with appropriate AGENCY vendor personnel and AGENCY to prioritize and schedule the remediation tasks necessary to address audit findings in a timely manner.
2.2.5 Test firewall, router, system, and database configurations and access control rules to ensure compliance with required standards and with documented standards and policies.
2.2.6 Implement, manage, and administer a solution once it has been procured.
2.2.7 Evaluate security-related tasks to be outsourced and provide subject matter expertise for procuring Managed Security Services (MSS).
2.2.8 Provide oversight and administration of the agency's managed security service provider(s) once procured.

2.3 Audits
2.3.1 Lead ongoing audit or assessment activities by managing and responding to all IT audits (regular and ad hoc) involving technology and security matters: facilitating, gathering, and supplying documentation when required, reviewing findings, and developing and managing to completion remediation plans for those findings. These audits by state and federal entities include but are not limited to the Mississippi Office of the State Auditor, Internal Auditors, the IRS, the Office of the Inspector General (OIG), etc.
2.3.2 Participate in each audit entry and exit meeting and work with the auditor to establish their requirements.
2.3.3 Consolidate the agency's responses into a cohesive and understandable response to the auditor's requests for information.
2.3.4 Respond to audit findings/questions and manage all remediation efforts.
2.3.5 Develop and manage
Computer Consultants International, Inc.
Why Work Here?
Privately held, Never had a layoff in 20 years, Great team, Great customers, great CEO!
Computer Consultants International, Inc. (CCI) is an IT consulting firm with more than 20 years' experience providing effective, expert-level services in industries such as Construction, Technology, Finance, Healthcare, and Government. CCI focuses on building long-term relationships while completing projects from design to delivery. People are CCI's key component for success. Recruiting the highest-quality individuals for our clients, CCI fields a workforce of people who are selected not only for their technical qualifications but also for their achievements as substantial, contributing human beings. In government work and in the commercial market, high standards of ethics and accountability are critical. Therefore, our people are chosen for their integrity and ability to maintain relationships, as well as for expertise in their field. To learn more about CCI, visit us online at www.cci-worldwide.com.