Title / Titre: Information Security Consultant
Start Date: May 1, 2013
End Date: December 31, 2013
Our enterprise client in the Oil and Gas industry is seeking Information Security Consultants for this contract role.
Our client is seeking seasoned IT security and risk management professionals to assist in performing IT compliance and vulnerability assessments, with a business-oriented focus. The successful candidates will also be tasked with leading the remediation of identified IT control gaps and vulnerabilities within the appropriate timelines.
- Map IT controls, threats and risks to existing applications and systems
- Perform IT compliance assessments in accordance with existing corporate policies and procedures
- Analyze and classify results of IT compliance and vulnerability assessments, using a risk-based approach
- Prepare, summarize and report the results of IT compliance and vulnerability assessments
- Safely operate technology tools supporting the IT compliance and vulnerability assessment program
- Execute risk treatment processes following IT compliance and vulnerability assessments in accordance with the existing risk response framework
- Provide guidance to system owners in selecting risk treatment following IT compliance and vulnerability assessments
- Identify the top three risks for application systems, based on the results of the IT compliance assessments
- IT Risk Management
- IT Compliance
- IT Vulnerability Assessment
- A minimum of 5-6 years of experience in the field of Information Security, IT Audit or related disciplines.
- Experience with scoping and scheduling IT compliance assessments and associated activities, mapping IT controls to IT systems, applications, and networks.
- Solid understanding of IT controls and how to interpret requirements defined in IT control/policy statements
- Ability to interact with control owners at a technical level to make a determination of the status of controls
- Ability to communicate the business implication of deficient controls to system owners
- Understanding of commonly-used concepts, practices, and procedures in the Information Security field including operating systems and network security, application security, vulnerability analysis, encryption technologies, intrusion detection, incident response, business continuity management, etc. to be able to provide guidance to system owners in selecting risk treatment options.
- Strong time management and organizational skills.
- Ability to effectively interact with personnel involved in policy, technical, operational, and program management work.
- Excellent communication skills including technical and business writing, documentation and presentation skills.
- University degree in Computer Sciences, Engineering, Audit, Business or related disciplines; and
- Possession or working toward achieving the following professional qualifications: CISSP, CRISC, CISM, CISA.