Job #2814: IT
Title:Information Security Consultant / Auditor
Job Location:norwalk CA
***W-2 ONLY. No C2C. ***
Do you want to work for the government? Let us use our contacts to land you a job at LA County!
Global Service Resources is looking for anInformation Security Consultant / Auditor in support of Network Security as part of the Voting Solutions for All People (VSAP) project. The Consultant will serve as a resource to RRCC’s (Registrar-Recorder/ County Clerk) VSAP Team to assess network security and establish National Institute of Standards and Technology (NIST) based security controls and measures.
Pay Rate: Market
Location: Registrar-Recorder/ County Clerk’s Office in Norwalk.
Contract: 12 Months with a high chance of permanent hire.
As part of the Voting Solutions for All People (VSAP) rollout, Los Angeles County RRCC is seeking services to establish network security processes within the department. These controls should adhere to NIST standards. The specific network and security management related duties are described below in this solicitation.
Must meet ALL Minimum Qualifications:
1. A Master’s Degree in Information Security or related program.Provide copy of degree or proof of degree.
2. Current CISSP (Certified Information Systems Security Professional) certification.Provide copy of certificate or proof of certificate.
3. Current CISM (Certified Information Security Manager) certification. Provide copy of certificate or proof of certificate.
4. Seven (7) years of experience within the last ten (10) years working as a Chief Information Security Officer or Director of Information Security, leading a team of information security specialists.
5. Seven (7) years of experience within the last ten (10) years developing, implementing and managing security processes, policies, and programs (BCP, Incident Response Planning, Risk Management, Vulnerability Management, Privacy, and POA&M) to ensure adherence, compliance, and auditing.
6. Three (3) years of experience within the last five (5) years in developing a security framework to ensure data integrity, confidentiality, and security best practices.
7. Three (3) years of experience within the last seven (7) years working with cloudbased solutions. Knowledge of Amazon Web Services is preferred.
Description of Duties:
The Consultant will work closely with the network and security teams at RRCC. The eventual goal is to ensure establishment of a NIST-based network and security framework. This should include processes as well as technological solutions to be implemented within the RRCC.
Assessment of Existing Security Controls
The Consultant shall conduct a security controls assessment that reviews the technology, processes, and organization relating to the VSAP and Election technologies. This will include using a lab toolkit to look for avenues of access to all applications associated with the VSAP program and RRCC systems. If access to any devices or applications is gained, the Consultant will determine what risks exist from unauthorized access. This effort will turn up weaknesses in configurations, settings, or susceptible versions of software and allow the Consultant to recommend steps to remediate the issues. The effort will also include a review of processes and organizational controls, as well as policies and procedures.
Security Controls Development
The Consultant shall develop and document protocols and controls for RRCC to address the shortcomings identified in the assessment. This will help to avoid, counteract and/or minimize security risks for the computer systems attached to VSAP and other connected devices/systems. The security controls being developed shall be based on NIST framework. The Consultant shall document all the processes that encompass adhering to these controls.
Project Management for Security Controls Implementation
The Consultant shall act as the SME lead to implement the documented security plan.
Various VSAP Security Projects
The Consultant shall assist the RRCC in scoping out various security related projects as part of VSAP. These include:
-Penetration testing for Ballot Marking Devices
-Penetration testing of Tally System
-Penetration Testing of Interactive Sample Ballot application
-DDOS testing of public facing applications
-White Hat testing of various systems
***LOS ANGELES COUNTY HAS A RIGOROUS INTERVIEW/HIRING/ON-BOARDING PROCESS DUE TO THE CONFIDENTIALITY OF THE POSITION. PLEASE NOTE THAT PHONE INTERVIEWS, IN-PERSON INTERVIEWS AND BACKGROUND CHECKS MAY TAKE 2 TO 7 WEEKS ALTOGETHER***
Contact us ASAP so we can submit you and get the ball rolling on this great opportunity!
Leslie Delos Reyes
Global Service Resources, Inc.
Direct: (818) 252-9201