Security Control Assessor #34926

Company Info
VanderHouwen
Portland, OR, United States

Phone: 503.299.6811
Web Site: http://www.vanderhouwen.com/

Company Profile

Title:

Security Control Assessor #34926

Location:

Vancouver, WA 

Job ID:

27581

Job Description:

12 MONTH CONTRACT

VanderHouwen has more jobs you may like!  Find them here: http://bit.ly/2enTpQN
 

Security Control Assessor
The Security Control Assessor serves as a cyber-security professional for the evaluation, audit, recommendation, development and implementation of operational cyber security controls and compliance, processes, guidelines, and projects to safeguard critical cyber assets that are necessary for reliable and secure operation of the Bulk Electric System (BES). This position will serve as a hands-on auditor who performs non-intrusive testing of Information Technology (IT) security controls.  This position will work closely with the Cyber Security organization evaluating the existence and adequacy of current IT security controls, as well as develop documentation of testing and evaluation activity in order to arrive at logical and comprehensive conclusions and recommendations.  The position will be expected to successfully document the resulting findings, weaknesses and vulnerabilities in a manner sufficient for a third-party reviewer to arrive at the conclusion the Security Analyst has reached in the work.

This position is located in Vancouver, WA and may be required to work non-core hours as requested. Approximately 10% travel is anticipated; travel will primarily be for meetings and/or training attendance, but may also include occasional visits to districts in the operations region that include field locations where Personal Protective Equipment (PPE) is required. A valid state driver’s license is also required. Up to 10% overtime is anticipated.

Security Control Assessor Responsibilities
Provide technical input, recommendations and assistance with the implementation of both higher and granular-level cyber security approaches, methods and solutions that incorporate and maintain compliance to requirements resulting from laws, regulations, or Presidential directives.
Develop / draft, recommend and execute management-approved testing plans; report results and recommendations.
Provide security engineering expertise and recommendations.
In collaboration with the manager and per established procedures, provide security incident handling, response and follow-up, including accurate, comprehensive applicable documentation.
Perform detailed and comprehensive security event and intrusion analysis.
Provide guidance and input into technical reviews of proposed projects and the system security certification and accreditation process.
Provide technical input and support to the Continuous Assessment and Monitoring Program.
Draft and recommend detailed project plans, timelines, milestones and objectives for upgrades, patches and other changes and/or for monitoring security measures for the protection of Transmission computer networks and information. 
Validate and document that appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure.
Document system security plans and collaborate and assist with draft policies, processes and procedures that are applicable to and promote the Transmission security program.
Keep abreast of current and new security technologies and threats.
Identify the need or potential opportunity for changes based on new security technologies and threats; present recommendations and supportive data for consideration.
Research and review proposed new systems, networks, and software designs for potential security risks and impacts; recommend mitigation, countermeasures or other options.
Identify integration issues related to the implementation of new systems within the existing infrastructure; recommend mitigation and/or resolution options.
Create / draft and provide accurate, adequate and detailed documentation of analyses, tests, evaluations, project status, recommendations and other security activities as requested and/or required.
May be required to work overtime and/or non-core hours as circumstances warrant.

Security Control Assessor Qualifications
Bachelor of Science in Computer Science, Information Technology or a related technical discipline is highly preferred. Candidates lacking an applicable bachelor’s degree require additional years of applicable experience (see below).

Experience - Experience or demonstrated capability must include:
Experience evaluating the adequacy and existence of IT security controls.
Having properly documented evidence of testing and evaluation activities sufficient for a third-party reviewer to arrive at the conclusion the Security Analyst has reached in the work.

Level 2 requires 5-9+ years of experience. (9+ years of experience is required without a bachelor’s degree.)

One of the following networking or security certifications, or an equivalent, is required:
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Cisco Certified Network Associate – Security (CCNA Security).

1+ year of experience performing security control testing and/or vulnerability assessments is required.
2+ years’ experience with North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) regulatory standards and requirements.
2+ years’ experience with the Risk Management Framework and the 800 series of National Institute of Standards & Technology (NIST) Special Publications (in particular 800-37, 800-39, 800-53, 800-53A, and 800-115).

Knowledge and experience with the following is highly preferred:
Knowledge of United States (US) Government security authorization policies and processes
Knowledge of networking and internetworking (e.g. routing, switching etc.), computer and network device operating systems (e.g. Windows, Unix, Linux, IOS etc.), firewalls, and general security engineering concepts.
Knowledge of intrusion detection and/or intrusion prevention system (IDS/IPS) technologies and deployment strategies.
Knowledge of computer and network security incident/event auditing and analysis.
Knowledge of networking and internetworking protocols and their associated vulnerabilities.
Knowledge of vulnerability research methodologies and sources.

General Skill Requirements
Ability to research and maintain proficiency in tools, techniques, countermeasures, and trends in information security, computer and network vulnerabilities, data hiding, network security, and encryption;
Ability to independently and, as a team member, plan, execute and document security tests and evaluations;
Ability to perform analysis of in-place technical and non-technical security controls protecting information and information systems;
Ability to clearly communicate results, findings, and recommendations;
Possess strong technical writing skills and verbal communication skills;
Able to perform successfully in a team environment;
Organization and information-gathering skills;
Technical writing and reporting, including managing related documentation and files;
Ability to apply technical and English language skills to communicate effectively via telephone, e-mail correspondence, and in-person meetings;
Carry out assigned tasks with a professional demeanor, as exhibited in excellent written and oral communication skills, listening skills, patience, logical and sound reasoning, and problem-solving approach;
Ability to meet timelines, milestones, deliverables, and provide timely status updates on assigned tasks;
Obtain appropriate manager / personnel approval for all recommendations and drafted materials;
Ensure proper identification of self as a contract worker in all communications, correspondence, etc.

Benefits
Benefits are available to eligible VanderHouwen contractors and include coverage for medical, dental, vision, life insurance, short and long term disability, matching 401k, plus paid holidays and paid vacation time.

About VanderHouwen
VanderHouwen is an award-winning, Women-Owned, WBENC certified professional staffing firm. Founded in 1987, VanderHouwen has been successfully placing experienced professionals throughout the Pacific Northwest and nationwide.  Our recruitment teams are highly specialized in either Technology and IT, Engineering, or Accounting and Finance career markets. Our recruiters value building meaningful, professional relationships with each candidate as well as developing honed knowledge of companies' staffing needs and workplaces. Partner with us to land your next exciting career.

VanderHouwen
Locally founded, women-owned, and nationally certified with WBENC, VanderHouwen is a premier staffing provider of technology, engineering, finance and accounting professionals. Our unique family-owned company offers individualized staffing services and solutions to our clients and candidates, creating value for everyone. Our President’s work ethic not only serves as the foundation of our company, but drives the commitment to individual attention which infuses our culture. VanderHouwen values building meaningful, professional relationships with each client as well as developing in-depth knowledge of their staffing needs and workplaces. We offer our eligible employees competitive benefits including medical, dental, vision, long/short term care, 401k, and life insurance.

6342 SW Macadam Ave. • Portland, Oregon 97239
P| 503.299.6811  TF| 888.299.6811  F| 503.224.6181 | http://www.vanderhouwen.com