• Skip to main content
  • Skip to primary sidebar

ConvoCourses

Cyber Security Compliance and IT Jobs

  • Cyber Security Training
  • about me.
  • Information Assurance Jobs
  • Log in

CISA

Full time position as: Vendor Risk Manager

March 30, 2016 by Bruce Brown Leave a Comment

Position: Vendor Risk Manage.

Location: Montvale, NJ

Employment Type : Full Time.

 

Technical/Functional Skills – MUST HAVE SKILLS:-

 

FISAP vendor risk assessment program execution.
ISO 27002 Domain audit/assessments.
Critical Vendor Risk Assessments .
Vendor Risk Management Program Leadership.
CISA, CISSP, or other Risk certification preferred.

 

Technical/Functional Skills   -Good To HAVE SKILLS:-

 

Project management; people management;

client relationship management; excellent oral and written English communications

skilled with MS-PowerPoint; MS-Word; MS-Excel.

Driven to achieve high delivery quality and effectiveness.

 

Roles & Responsibilities:-

 

·        Annual vendor risk assessment compliance program leadership.
·        Vendor Risk Assessment Planning & Scheduling.
·        Vendor reconnaissance and updates with owners.
·        Questionnaire updates and initiation .
·        Manage offshore resource(s), and their activities, results.
·        Assessment Quality Assurance.
·        Establish and track/validate program metrics.
·        Vendor interactions and Issues management.
·        High Risk Vendor Assessments & Interactions .
·        Process Improvement .
·        VRM Best Practices Alignment.

·        Weekly, Quarterly, Ad-Hoc Reporting.

 

 

 

Thanks And Regards,

Ajit Rai 

Ventures Unlimited Inc.
309 Fellowship Road, East Gate Center, Suite 200
Mount Laurel , New Jersey 08054.
Desk: 856-842-1988 Ext 230

Filed Under: cyberspace workforce, DIARMF Jobs, Information Assurance Jobs, risk jobs Tagged With: CISA, CISSP, ISO 27002, Risk certification

Immediate hire for SECURITY ANALYST in Columbia, SC, 29210

March 3, 2016 by Bruce Brown Leave a Comment

Position Title
SECURITY ANALYST  (INFORMATION SECURITY COMPLIANCE)
Position Id
6521-1
Agency
Department of Administration
Duration
4 Months
Work Location
Admin – 4430 Broad River Rd., Columbia, SC, 29210
SCOPE OF THE PROJECT:
THE DIVISION OF INFORMATION SECURITY IS TASKED WITH ENSURING COMPLIANCE WITH STATE GUIDELINES. THIS POSITION WILL BE PERFORMING THOSE SERVICES INCLUDING:
• SUPPORTING AGENCIES DURING THEIR DEVELOPMENT OF THE INFORMATION SECURITY PROGRAM WITH DIRECT TACTICAL IMPLEMENTATION ASSISTANCE.
• DEVELOPING AND TRACKING AGENCY INFORMATION SECURITY IMPLEMENTATION PLANS
• INTERVIEWING ADMINISTRATORS, MANAGERS, AND THIRD PARTIES TO AID IN DEVELOPMENT OF PROGRAM ARTIFACTS
• ENSURING HIGH-LEVEL ASSESSMENTS OF AGENCIES INFOSEC WORK TO ENSURE PROGRESS IS MADE
• PROVIDING HIGH-LEVEL ANALYSIS OF PROCESS AND PROCEDURES WORK TO ENSURE COMPLIANCE WITH STATE STANDARDSDAILY DUTIES / RESPONSIBILITIES:
THIS IMPLEMENTATION ASSISTANCE WOULD INCLUDE, BUT IS NOT LIMITED TO:
• INTERVIEWING BUSINESS AND TECHNICAL OWNERS TO DETERMINE POLICIES AND PROCEDURES USED FOR EACH AGENCY PROCESS
• DEVELOPING AND TRACKING INFOSEC IMPLEMENTATION PLAN PROGRESS
• DOCUMENTING INFORMATION GATHERED DURING BOTH INTERVIEWS AND DOCUMENT REVIEWS TO ASSIST WITH DEVELOPING FORMAL PROCESS AND PROCEDURES
• ASSESSING AGENCY DOCUMENTATION TO ENSURE ADEQUATE APPROACHES ARE USED TO COMPLY WITH CONTROLS
• FACILITATING AGENCY STATUS REPORTING
• COLLABORATING WITH AGENCIES TO PROVIDE RECOMMENDATIONS FOR COMPLIANCEREQUIRED SKILLS (RANK IN ORDER OF IMPORTANCE):
• HAVE COMPLETED AN INFORMATION SECURITY PLAN OR SYSTEM SECURITY PLAN WORKBOOK
• PRIOR EXPERIENCE WORKING WITH FISMA STANDARDS
• MUST HAVE A STRONG WORKING KNOWLEDGE OF NIST 800-53
• PRIOR EXPERIENCE POA&M OR CAP
• STRONG COMMUNICATION EXPERIENCE

PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE):
• SIMULTANEOUSLY MANAGE MULTIPLE INFOSEC WORK EFFORTS
• STRONG SCHEDULE MANAGEMENT AND RESOURCE PLANNING SKILLS
• ABILITY TO WORK AT A HIGH-VOLUME AND FAST PACE
• STRONG COLLABORATOR AND STRONG ABILITY TO MEET DEADLINES
• MANAGE REGULATORY COMPLIANCE PROJECTS
• ABILITY TO IDENTIFY, MAP, AND RE-EINGINEER BUSINESS PROCESSES

REQUIRED EDUCATION/CERTIFICATIONS:
10+ YEARS OF EXPERIENCE IN INFORMATION SECURITY AND COMPLIANCE EXPERIENCE

REQUIRED CERTIFICATIONS: CISA OR CISSP OR CISM OR GSLC OR EQUIVALENT.

Thanks & Regards
Adam Smith
Associate Recruiter
Phone:908-765-0002 Extn:-277
Fax:     609-228-4044
adams@tscti.com
www.tscti.com

Filed Under: cyberspace workforce, DIARMF Jobs, Information Assurance Jobs, risk jobs Tagged With: CISA, CISM, CISSP, gslc

information technology risk management certifications

June 1, 2014 by Bruce Brown Leave a Comment

The most respected information technology risk management certifications accepted for risk management / IA / computer security positions are the ISC2 CISSP, CISA, CISM, CAP and CISSP-ISSEP.

I will give a quick, down and dirty look at these certification from the perspective of someone in the industry.  This is my personal opinion based on my experience.  I have the CISSP and CAP.   I know many doing IT/security/Risk Management work with one or more  of the listed certifications and have direct experience hiring and teaching for organization looking for risk management professionals.

ISC_2-logo-certification
ISC_2-logo-certification

What is the TOP risk management certification?

The choice of “best” or “top” risk management certification depends on the industry.

Financial industries are very much into the CISA.  The ISACA CISA and CISM are certs that came from the financial industry.  I was surprised to learn that a friend of mine who worked for Ernst & Young as a corporate tax/finance auditor was working on taking the CISA.  When I asked him why, he said that other accountants/financial auditors take that test.  Banks and other financial organizations look highly upon the CISA and CISM.

US Federal organizations heavily favor the CISSP for risk management work.  Within the government, its the gold standard for risk management and Information Security jobs.  So much so that they think that someone with a CISSP can do ANY security job.  It’s very broad in content so its a misconception that a CISSP can perform any security or risk management job.  Its best if the CISSP is accompanied by actual experience with a given subject matter and/or a specific certification that might give indication of knowledge on a subject matter that is not so general.  All of that said, the CISSP is a GREAT certification if you want to get paid well.

The ISC2 CAP, is a great certification for risk management.  It is the most relevant for risk management.  The CAP focuses on the NIST risk management framework.  It breaks the entire process down.  CISSP is really all over the place covering way too many security points.  By contrast, the CISA is all about auditing systems.  The CISM is all about Information Management. The CAP is a solid certification that goes 6 feet deep into pure risk management.  If you are serious about learning risk management for IT, then the ISC2 CAP is for you.

The ISSEP is a step up from the CISSP and the CAP.  Its like a SUPER CAP.  Its an actual concentration of the CISSP.  I noticed that high level risk management positions in the US federal space sometimes ask for it.  It is definitely and Alpha Predator of risk management certifications.  You cannot go higher than this for RMF outside of getting a Masters or PHD in Information Assurance/Information Security or the like.

The problem that I see with the ISSEP (CISSP concentration) is that its a LOT of work for very little extra marketability.  I mean, with an ISSEP you are a 1% in the RMF space but only .01% of the jobs in RMF/C&A category actually require an ISSEP.  What I mean to say is that not many people are looking for the ISSEP.  Its a hard certification because you must first achieve the CISSP.  The ISSEP material is hard, boring and very comprehensive.

Over all the CAP, CISSP and CISA/CISM are the best certifications for a professional in doing Risk Management Framework for IT.

Filed Under: cyberspace workforce, risk jobs, Risk Management For DoD IT Tagged With: CAP, CISA, CISM, CISSP, information technology risk management, information technology risk management certifications, ISSEP, IT Certifications

Primary Sidebar

search


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book


This book is an overview of how the NIST SP 800-37 risk management framework works from the perspective of an information system security officer (ISSO).

also available on Amazon!

View Book

NIST RMF 800-37 templates
Free 800-37 templates

The NIST 800 Template download contains a .doc file template and xls templates for POAMs, Federal, State, cloud based and a legacy template as well as resources where you can find more on NIST 800-37 documents for your use.

View Book

Learn to Make 6 Figures in CyberSecurity

RMF ISSO Foundations Training
RMF ISSO Foundations Training

RMF ISSO Foundations

I was an Information System Security Officer (ISSO) doing Risk Management Framework (NIST SP 800-37) for over a decade. I am a Cybersecurity veteran and I can explain (in plain English) what you DO in the Risk Management Framework process as an ISSO.

View Course

NIST SP 800-37 Presentation
NIST SP 800-37 Presentation

View Course

login

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Posts

  • Convocourses Podcast: Plan of Action and Milestone
  • Start with These IT Certifications (Part 1)
  • How to Tailor Security Controls in NIST 800
  • #cybersecurityjobs are recession proof
  • What IT Certifications for Information Security (part 2) (8140)

Meta

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Comments

  • http://Www.Finance.Ipt.Pw/ on SRG/STIG Applicability Guide and Collection Tool Update
  • Elsa7 on ConvoCourses podcast: Cyber Security day to day activity
  • Tony on STIG Update – DISA has released the Microsoft SQL Server 2016 STIG Version 1
  • horloge on SCAP Compliance Checker SCC)
  • 218 Information assurance Success Criteria – ITSECURITYSURVIVAL.COM on Information Assurance Vulnerability Alert

Tags

8140 8570 ArcSight c&a CISSP convocourses cyber cybersecurity cyber security DIACAP DIARMF diarmf - implement disa DISA STIG dodd 8140 dodd 8140 cyberspace workforce IA implement implementation info assurance information assurance information security ISSO IT it jobs it jobs in usa job jobs Linux mcafee network nist nist risk management framework nist risk management framework 800-37 podcast risk risk assessment risk management risk management framework rmf security STIG stigs unix windows


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book

Copyright © 2023 · Author Pro on Genesis Framework · WordPress · Log in