Information Security Specialist 2

West Sacramento, CA

36+ months

Mandatory Qualifications:

Minimum of five (5) years of experience applying security policies, standards, testing, modification and implementation.

At least three (3) years of that experience must be in information security analysis.

Bachelor's Degree in an IT-related or Engineering field. Additional qualifying experience may be substituted for the required education on a year-for-year basis.

Minimum of one (1) year of experience reviewing compliance with HIPAA security standards and alignment with Health Care Industry Security Approaches pursuant to Cybersecurity Act of 2015, Section 405(d).

Minimum of one (1) year of experience reviewing compliance with the most current NIST SP 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations” and/or NIST SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations“.

Minimum of one (1) year of experience reviewing compliance with the Open Web Application Security Project (OWASP).

Minimum of one (1) year of experience assessing AWS and Azure systems and environments.

Desirable Qualifications:

The MES assessor should possess a combination of privacy and security experience and relevant assessment certifications. Examples of acceptable privacy and security experience may include, but are not limited to:

o Reviewing compliance with the Federal Information Security Management Act.

o Participating in the Federal Risk and Authorization Management Program (FedRAMP)-certified third-party assessment organization.

o Experience assessing the implementation of the Center for Internet Security (CIS) benchmarks.

The assessor organization should have relevant security and privacy accreditations, and the assessor's team leads should have relevant security and privacy certifications. Examples of relevant auditing certifications are:

o Certified Information Privacy Professional

o Certified Information Privacy Manager

o Certified Information Systems Security Professional

o Fellow of Information Privacy

o HealthCare Information Security and Privacy Practitioner

o Certified Internal Auditor

o Certified Risk Management Professional

o Certified Information Systems Auditor

o Certified Government Auditing Professional

o Certified Expert HIPAA Professional

o AWS Certified Cloud Practitioner

o AWS Certified Security Specialist

More than one (1) year experience reviewing compliance with the following:

o HIPAA security standards and alignment with Health Care Industry Security Approaches pursuant to Cybersecurity Act of 2015, Section 405(d).

o NIST SP 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations” (most current) and/or NIST SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”.

o OWASP.

More than one (1) year assessing AWS and Azure systems and environments.

Education: Bachelor's Degree in an IT-related or Engineering field. Additional qualifying experience may be substituted for the required education on a year-for-year basis.

Regards

Naresh Damagalla

West Advanced Technologies, Inc

E: naresh.d@wati.com D: 279-666-5838 M: 916-694-5317

Serving government agencies for 22 Years

www.wati.com