Information Security Specialist
- Company: Cloudinfo Inc
- Location: San Francisco, CA (On-site)
- Employment Type: Contract
- Salary: $50-55/hour
- Education Level: Bachelor’s
- Experience Level: Expert and leadership (9+ years)
Client: CA State Client
Job Description
Mandatory Qualifications
- A minimum of five (5) years of experience in Risk and Privacy management, Enterprise Risk Management, Insider Threat, Supply Chain Risk Management, Privacy Policies, Procedures, and Standards.
- Possession of a bachelor’s degree in an IT-related or Engineering field. Additional qualifying experience may be substituted for the required education on a year-for-year basis.
Desired Qualifications
- Minimum of four (4) years of experience in developing, implementing, and managing Enterprise Risk Management (ERM) programs, including the methodologies, frameworks, and governance structures utilized while aligning risk management activities with organization objectives and regulatory requirements.
- Minimum of four (4) years of experience and advanced-level skills in establishing, governing, and overseeing Insider Threat Programs, including the development of policies, governance frameworks, risk assessment methodologies, and monitoring processes.
- Minimum of four (4) years of experience in developing and implementing risk metrics, key risk indicators (KRIs), risk reporting processes, and risk appetite frameworks within a complex organization.
- Minimum of four (4) years of experience in developing, maintaining, and managing risk repositories, including the collection, analysis, and reporting of risk data to support enterprise risk management and cybersecurity initiatives.
- Minimum of three (3) years of experience in developing and delivering knowledge transfer activities, including training sessions, workshops, mentoring, and stakeholder engagement to ensure the successful transition of security processes and capabilities.
- Minimum of three (3) years of experience in designing, implementing, and governing Insider Threat Risks, including alignment with IRS Publication 1075, NIST 800-53, SIMM, SAM 5300 and other applicable security and privacy risks.
- Minimum of three (3) years of experience in performing quantitative and qualitative risk assessments, including the use of impact, likelihood, and velocity factors to evaluate and prioritize cybersecurity and enterprise risks.
- Minimum of three (3) years of experience in establishing, maintaining, and managing an Enterprise Risk Register, including the processes and tools used to identify, document, assess, and track information security and enterprise risks.
- Minimum of three (3) years of experience supporting audit readiness activities, including the development, review, and maintenance of security documentation to ensure compliance with IRS Safeguards, California Department of Technology (CDT) Independent Security Assessment (ISA) requirements, and other applicable regulatory frameworks.
- Minimum of three (3) years of experience in identifying, assessing, monitoring, and mitigating risks associated with Personally Identifiable Information (PII) and Federal Tax Information (FTI).
Skills
- Network Security
- Risk Assessment
- Incident Response
- Data Encryption
- Vulnerability Management
- Compliance Auditing
- Security Information Systems

