ConvoCourses

Cyber Security Compliance and IT Jobs

security compliance

cybersecurity compliance project manager Alexandria VA job

February 22, 2020 by cyberaware2

Check out the courses:
http://convocourses.com

Job Title: #Cybersecurity #Compliance Project Manager
Job Location: Alexandria, VA, US
Project Length: Long Term

Clearance Requirement: Active Secret clearance.

Key Role:
Serve as a Task Lead responsible for the creation of a Cybersecurity Governance, Risk, and Compliance (GRC) team assessment program for a DoD organization. Design, develop, and implement the assessment program independently to measure Cyber GRC metrics, determine readiness for audits and inspections based on DoD policies and NIST standards, identify risks, and provide automated remediation plans. Work to improve communication and enhance the organization’s security posture through risk assessment preparation. Perform blind, non-punitive readiness assessments for organizational units to provide a preparatory remediation plan for upcoming inspections. Measure the effectiveness of the GRC programs and provide leadership with an unfiltered view of the organization’s security posture, measuring the balance between its objectives and risk profile. Recommend strategic enhancements and structural improvements for a compliance division.

Basic Qualifications:
10+ years of experience with Cybersecurity.
Ability to design, develop, and manage the implementation of risk assessment process methodology and tools, including eMASS.
Ability to communicate effectively and professionally in a fast-paced client-environment.
BA or BS degree in a Technology, IT, or Cybersecurity field.
DoD 8140 and 8570 IAM level II Certification.

Additional Qualifications:
Experience with GRC and assessment processes.
Experience with DoD 8500 series, NIST SP 800 series, DoD regulations, and instructions, including DoDI 8140-01, DoDI 8530.01, CJCSI 6510.01, and the Risk Management Framework (RMF).
Experience with briefing senior government officials at the General Officer and SES-levels.
PMP Certification.

Direct: 703-653-0218
karthik@param-solutions.com
https://recruiting-as-a-service.param…

https://param-solutions.com/careers


What is payment card industry PCI data security standard DSS?

July 2, 2018 by cyberaware2

I got the chance to talk to a Payment Card Industry (PCI) professional. James works in the PCI IT industry and talks about it from inside the field. It is a great opportunity to learn about this growing career path.

We talked about how the PCI security standard compares to the Risk Management Framework.

Here are some of the resources we talked about:
https://www.pcisecuritystandards.org/pci_security/
https://www.pcicomplianceguide.org/

Enroll to learn MORE on security compliance:
https://securitycompliance.thinkific.com


Security Compliance Engineer opportunity in Page, AZ

January 6, 2016 by Bruce Brown

U.S. CITIZENSHIP IS REQUIRED

ISYS Technologies is currently hiring a Security Compliance Analyst to support a government customer in Page, Arizona. Job duties will include, but may not be limited to:

Perform IT security assessments and other technical evaluations, develop and implement technical processes and procedures, conduct technical vulnerability assessments, analyze vulnerabilities and develop remediation plans.

Develop and maintain configuration baselines, document and implement continuous diagnostics and monitoring processes, procedures and tools, and develop recommendations for improving the overall CRSP security and compliance posture.

Provide technical assistance in the development, maintenance and implementation of IT compliance requirements.

Provide version control for information, documents, software, hardware, and other services to ensure that users are provided correct and current information.

Provide periodic assistance with completing data calls, analyses, or other requests for information related to IT compliance activities.

Document and assess all available IT security patches for applicability to approximately 141 CRSP IT devices located across the UC Region within 30 calendar days of patch or upgrade availability.

Test, document, install, and verify all security related patches and anti-virus and malware prevention updates on approximately 141 CRSP IT devices.

Document compensating measures to mitigate risk exposure in any case where a security patch is not installed.

Revise CRSP patch, anti-virus, malware-prevention, and vulnerability management processes and procedures.

Train UC personnel on updated CRSP patch, anti-virus, and vulnerability management processes and procedures.

Implement UC job plans for the updated CRSP patch, anti-virus, and vulnerability management processes and procedures.

Perform and document Cyber Vulnerability Assessments on CRSP IT devices, document action plans to mitigate identified vulnerabilities and track and document the execution status of any required action plans.

Convert system shared accounts on CRSP devices to individual accounts where technically feasible.

Develop a process to ensure that all individual and shared account passwords are changed in accordance with IT security compliance requirements and incorporate that new process into CRSP Access Control procedures.

Identify personnel who had been granted access to embedded accounts but have since been transferred or terminated, and verify that their physical and system-level logical access has been removed.

Ensure that all individual and shared accounts that require password changes are changed in accordance with access control procedures.

Establish, implement and document technical controls to ensure that individual and shared system accounts and authorized access permissions are consistent with the concept of ‘need-to-know’.

Conduct IT security assessments of CRSP systems, following NIST Special Publication 800-53A guidance (current version) in support of the Annual Assurance Statement.

Document comprehensive security assessment results that include a full description of the weaknesses and deficiencies discovered during an assessment, the potential for compromise, weakness impact and specific recommendations to remediate any findings. Security assessment results must be documented in the Cyber Security Assessment Management (CSAM) system.

Provide IT security expertise related to incident response, contingency plans, risk assessments and security impact analyses.

Monitor, track and update Plan of Action and Milestones (POA&Ms) within CSAM.

Develop and implement POA&M remediation schedules.

Document Weakness Completion Verification Forms (WCVF) for POA&Ms for planned Risk Acceptance and/or closure due to remediation.


Minimum Qualifications

Minimum of 5 years’ experience and knowledge of:

Security Patch and Vulnerability Management

Cyber Vulnerability Assessments on CRSP IT devices

NIST Special Publication 800-53A

Knowledge of ICS technology components (Remote Terminal Units (RTUs), Programmable Logic Controllers (PLCs), relays, sensors, switches, etc.), protocols (TCP/IP, DNS, Modbus, Profibus, Common Industrial Protocol, etc.) and ICS systems (Supervisory Control and Data Acquisition (SCADA), Physical Access Control Systems (PACS)).

Knowledge and experience in planning, developing, implementing, and executing IT services to support the planning, development, implementation, and execution of UCPO NERC-CIP v3 and v5 and FISMA IT security compliance activities.

Operational experience with CRSP operating systems and device types to include: 65 SEL 3021 encryption devices; 2 AIX 4.3.3 FEPs; 9 Solaris 8 servers; 2 Windows 2000 servers; 1 Windows 2000 workstation; 4 Windows XP workstations; 11 Windows 7 workstations; 5 Windows 2008 R2 servers; 2 RedHat servers; 10 Cisco switches; 6 Cisco routers; 1 Cisco PIX; 1 HP printer; 5 Lenel LNL-3300 boards; 2 Pelco DVRs; and 12 GE D20 RTUs.

Security patching and vulnerability management experience to include performing assessment, testing, installation and documentation for security patch upgrades and anti-virus/malware-prevention.

Experience conducting technical vulnerability assessments, analyzing vulnerabilities and developing, documenting and tracking remediation plans.

Knowledge of network security architecture concepts including topology, protocols, components and principles (e.g. application of Defense-in-Depth).

Experience conducting and documenting IT security control assessments that adhere to NIST Special Publication 800-53A guidance (current version).

Extensive experience in completing IT security and compliance standards, plans, processes, procedures, training materials, and templates for organization-wide use.

Government contracting knowledge and experience.

Knowledge and expertise in applying industry-endorsed best practices, and IT security and compliance frameworks/principles to include relevant certifications.

Ability to work with a range of customers or users and technical personnel in a professional and courteous manner on technical and non-technical issues.

ISYS Technologies is an Engineering and Information Technology Company focused on providing Services to the Federal and State Government. ISYS offers a competitive compensation program and comprehensive benefits package to our employees including Health/Dental/Vision/PTO/OT Bonus and more. ISYS Technologies is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or status as a protected veteran.


Recruiting Manager/Account Manager: ISYS Technologies

801 W. Mineral Ave #105, Littleton, CO 80120

7222 Commerce Center Drive, #108, Colorado Springs, CO 80919

Primary: 303-290-8922


Copyright © 2023