Vacancy expired!
Job Purpose:The Information Security Management (ISM) Office is responsible for ensuring the security of IT assets and systems within the Department. A key component of that is done by initiating and analyzing system security risk assessments. This position supports the System Security Risk Assessment and Risk Management function of the Florida Department of Transportation. These functions are described in The Florida Cybersecurity Standards, F.A.C. 60GG-2. Under direction of the ISM, this position will be responsible for coordination and guiding completion of the system security review assessment process; supporting the Risk Steering Workgroup; working with the ISM to develop the process for third-party vendor risk assessments; and once the process is developed - coordinating and guiding completion of third-party vendor risk assessment. The candidate must have an understanding and/or experience with risk and compliance work - including identifying the appropriate standards set, assessing if a system meets standards, and then documenting and communicating the concerns to the System Owner/System Coordinator. The goal of this process is to identify security controls that would be most appropriate for a system based on the security risk the system poses. This position is not expected to be a technical expert in security controls for systems; but is expected to understand general information technology concepts that would allow them to grasp and advance the process and goals, as well as become more knowledgeable of security controls over time.This position will also assist the ISM in expanding and formalizing the risk management function, which includes Developing and maintaining a risk register; proactively tracking and documenting risk and presenting it to the Risk Steering Workgroup for review and appropriate action. Communication is critical to this position. This position must be able to explain this process to System Developers, System Owners, and Project Managers so that they understand the importance of the risk reviews. This position must be able to communicate risk issues to business staff at all levels of the organization. This position must be a champion for this process and should proactively create marketing material regarding the process for review. This position will also assist the ISM in expanding FDOT’s third-party risk assessment program, and risk escalation/risk steering workgroup. Documentation of policies, procedures, user instructions, etc. will be required of this position.Must have strong organizational and project management skills and excellent writing and editing skills. Must understand risk-based decision making. Must be self-directed, professional, and willing to take ownership of this important process. Primary Job Duties/Tasks:Duties and Responsibilities will include but are not limited to:1. Initiate System Security Risk Assessments on systems being implemented within the Department. This includes systems written by FDOT staff/consultants, commercial off the shelf (COTS) systems or Software as a Service (SaaS) offerings.2. Develop and use reports and metrics to identify a risk-based approach to addressing systems that have not undergone a system security risk assessment. 3. Keep track of status and ensure progress of system security risk assessments.4. Work with ISM Team to develop Policies, Procedures and Guidelines supporting the Risk Assessment process.5. Perform Quality Assurance of submitted risk assessments prior to review by Security Analysts.6. Translates technical and/or complicated information related to the system security risk management process into clear, concise documents appropriate for various target audiences.7. Research, learn and understand the chosen SaaS platform and be able to educate end users including ISM Team Members, Project Managers, and others.8. Serve as the primary point-of-contact on the effort to move from existing system security risk assessment process to the new SaaS system.9. Gather and document business and technical requirements, which lead to improved Security policies, procedures, and products within the Department. About the Candidate:
QualificationsBachelor’s Degree in an Information Technology field, Computer Science, Management Information Systems, Cybersecurity, Business Administration, Audit, or other related field. Or equivalent work experience.Required ExperienceTypically has 3 to 5 years of business management, information technology support or management, application development, information security, project management, risk and compliance, or audit. Job Specific Knowledge, skills and abilities1. Knowledge of risk-based decision-making practices.2. Knowledge of typical project management processes.3. Knowledge of basic Information Technology concepts dealing with networks, application development and implementation, and common security tools.4. Knowledge of information security concepts.5. Knowledge in the use of common Microsoft tools (Word, Excel, Teams, Outlook).6. Ability to write effective and concise technical documentation for SaaS or COTS applications.7. Ability to document and analyze business processes to support the system conversion.8. Ability to display professionalism in dealing with all levels of management and staff9. Ability to exhibit creativity and resourcefulness at problem-solving while collaborating and working effectively with others across varied disciplines. General Knowledge, skills and abilitiesThe submitted candidate must be able to apply common knowledge, skills, and abilities in the following areas:1. Communication: Have the ability to clearly convey information, in both written and verbal formats, to individuals or groups in a wide variety of settings (i.e.; project team meetings, management presentations, etc.). Must have the ability to effectively listen and process information provided by others.2. Customer Service: Works well with clients and customers (i.e.; business office, public, or other agencies). Able to assess the needs of the customer, provide information or assistance to satisfy expectations or resolve a problem.3. Decision Making: Makes sound, well-informed, and objective decisions.4. Flexibility: Is open to change, new processes (or process improvement), and new information. Has the ability to adapt in response to new information, changing conditions, or unexpected obstacles. Ability to receive and give constructive criticism, and maintain effective work relationships with others.5. Interpersonal: Shows friendliness, courtesy, understanding, and politeness to others.6. Leadership: Motivates, encourages, and challenges others. Is able to adapt leadership styles in a variety of situations.7. Problem Solving: Able to identify, evaluate, and use sound judgement to generate and evaluate alternative actions, and make recommendations as accordingly.8. Team Building: Encourages, inspires, and guides others toward accomplishing the common goal.9. Quality Assurance: Knowledge of the ideologies, techniques and tools for quality assurance and control. The ability to put the ideologies, techniques, and tools into practice. About ArnAmy, Inc.:ArnAmy, Inc. is a leading information technology consulting and software development firm in Tallahassee, FL since 2007. ArnAmy has been providing high quality services to clients and prides itself in implementing dependable solutions to ensure client's success. ArnAmy is formed and led by principle centered leaders with Subject Matter Expertise in all disciplines of Information Technology. Company has proven record of 100% successful projects and 100% satisfied clients, and employees. We are inviting bright professionals with integrity and have passion to achieve higher goals to join our award winning (Tallahassee’s BEST in IT Solutions – 2017 &2016) excellent and talented team.ArnAmy, Inc. provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability or marital status. Women and Minorities are encouraged to apply.PLEASE SEND RESUMES AND SALARY EXPECTATIONS TO THANK YOU!- ID: #42835391
- State: Florida Tallahassee 32301 Tallahassee USA
- City: Tallahassee
- Salary: $50 - $57
- Job type: Contract
- Showed: 2022-06-11
- Deadline: 2022-08-08
- Category: Et cetera