818 Consulting

Job description:

We are seeking a highly skilled and motivated Standards and Compliance Assessor to join our team. The Standards and Compliance Assessor will be responsible for conducting independent and comprehensive assessments of the management, operational, and technical security controls within our information technology (IT) systems. This role plays a critical function in ensuring the overall effectiveness of organizational controls, aligning with ISO 27002 and NIST SP 800-37 standards. The successful candidate will have a strong background in information security, compliance, and risk management, coupled with excellent analytical abilities and communication skills.

/en/vulnerability-assessment-analyst-for-isaa

Job responsibilities

• Develop methodologies to monitor and measure risk, compliance, and assurance efforts.
• Establish specifications ensuring adherence to security, resilience, and dependability requirements across software applications, systems, and network environments.
• Draft statements delineating preliminary or residual security risks for system operation.
• Maintain materials pertaining to information systems assurance and accreditation.
• Monitor and evaluate a system's compliance with IT security, resilience, and dependability requirements.
• Assess the effectiveness of security controls.
• Conduct security reviews to identify gaps in security architecture and develop risk management plans.
• Perform risk analysis for applications or systems undergoing significant changes.
• Plan and execute security authorization reviews and develop assurance cases for system and network installations.
• Verify the implementation of application software/network/system security postures, document deviations, and recommend corrective actions.
• Identify applications and operating systems of network devices based on network traffic analysis.

Required qualifications

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field. Master's degree or relevant professional certifications (e.g., CISSP, CISA, CISM, CRISC) preferred.
• 3-5 of years experience in information security, compliance, or related fields.
• Experience in conducting security assessments, audits, or compliance evaluations.
• Proven track record in developing and implementing risk management strategies and security controls.
• Familiarity with security assessment and authorization processes and relevant standards.
• Proficiency in utilizing security assessment tools and methodologies.
• Strong understanding of network security principles and architectures.
• Experience with vulnerability assessment tools and techniques.
• Knowledge of scripting languages (e.g., Python, PowerShell) is a plus.
• Familiarity with security information and event management (SIEM) systems.
• Experience with cloud security principles and practices is desirable.
• Excellent analytical and problem-solving abilities.
• Strong communication and interpersonal skills.
• Detail-oriented mindset with a focus on accuracy.
• Ability to work independently and collaboratively within a team environment.
• Adaptability and willingness to stay updated with the latest trends in cybersecurity.
• Relevant professional certifications such as CISSP, CISA, CISM, CRISC, or equivalent certifications are highly desirable.
• Additional certifications related to specific technologies or frameworks (e.g., CCNA, CEH, CompTIA Security+) would be beneficial.

Required candidate level: Mid level

Additional information