This is a long-term contract with one of our large public sector clients in the LA region (approx. 12 months, can extend year over year).
SCOPE OF WORK
The engagement will include a dedicated onsite technical resource to accomplish certain objectives related to establishing and improving security and privacy controls for the client.
DUTIES AND RESPONSIBILITIES
The Consultant shall perform all of the duties listed below:
- Security controls assessment – Contractor shall conduct a security controls assessment that reviews the technology, processes, and organization relating to the client’s technologies. This will include using a lab toolkit to look for avenues of access to all applications associated with the client’s systems. If access to any devices or applications is gained, the contractor will determine what risks exist from unauthorized access. This effort will turn up weaknesses in configurations, settings, or susceptible versions of software and allow the contractor to recommend steps to remediate the issues. The effort will also include a review of processes and organizational controls, as well as policies and procedures.
- Security controls development – Contractor shall develop and document protocols and controls for the client to address the shortcomings identified in Task 1. This will help to avoid, counteract and/or minimize security risks for the computer systems attached to the client’s connected devices/systems. The security controls being developed shall be based on the NIST framework. The contractor shall document all the processes involved in adhering to these controls.
- Project Management for security controls implementation – Contractor shall act as the SME lead to implement the documented security plan.
- Scope out various security projects for the department – The contractor shall assist the department in scoping out various security-related projects. These include, but are not limited to:
  - Penetration testing for devices
  - DDoS testing of public-facing applications
  - White Hat testing of various systems
- Vendor selection and management – Contractor shall provide direction in the development of RFI/RFPs in support of the client’s Information Security goals. This includes documenting IT requirements, participating in the evaluation of vendor proposals, providing questions to clarify vendor solutions and providing input on the vendor selection process. Ultimately, the contractor will provide a leadership role in managing requirements and uncovering new solutions.
The Consultant must meet all of the following minimum qualifications:
- At least 7 years of security experience
- CISSP (Certified Information Systems Security Professional) certification
- CISM (Certified Information Security Manager) certification
We encourage you to highlight how your unique expertise, experience and capabilities would help both IMPEX and our customers grow.