What are the responsibilities and job description for the Security Control Assessor position at Everest Consultants, Inc.?
Security Control Assessor 2
Location: Vancouver, WA (On-Site)
Duration: 12-month Contract (with possible extensions up to 5 years)
Pay Range: $46.34 - $49.57 per hour
The role of the Security Control Assessor is to apply and understand principles, policies and procedures that enable an organization to meet applicable information and cyber security laws, regulations, standards and policies to satisfy statutory requirements, perform industry-wide best practices and achieve information and cyber security program goals. Understands, assesses and supports policies and procedures implemented to verify organizational compliance with applicable laws, regulations and/or departmental requirements. Assesses the operational, assurance and technical security controls implemented on information systems via security testing and evaluation (ST&E) methods.
Position Responsibilities:
Perform risk analyses so that appropriate countermeasures can be developed.
Conduct security audits to identify potential vulnerabilities related to physical security, staff safety or asset protection.
Assess operational, assurance and technical security controls implemented on an information system via security testing and evaluation (ST&E) methods.
Understand and assess policies and procedures implemented to protect all categories of information and to verify compliance with applicable laws, regulations and/or departmental requirements.
Recommend improvements in security systems or procedures.
Plan, implement, upgrade or monitor security measures for the protection of computer networks and information.
Maintain, monitor, control and protect IT infrastructure and the information residing on such infrastructure.
Perform a wide variety of data collection, analysis, reporting and briefing activities associated with security operations and maintenance to verify that security policies are implemented and maintained on information systems.
Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
Review violations of security procedures and discuss procedures with violators to verify that violations are not repeated.
Monitor current reports of computer viruses to determine when to update virus protection systems.
Perform risk assessments and execute system tests to verify that adequate security measures are in place.
Assess the effectiveness of the risk management program to include mitigation strategies.
Modify computer security files to incorporate new software, correct errors, or change individual access status.
Plan, implement, upgrade or monitor security measures for the protection of computer networks and information.
Train users and promote security awareness on system security.
Provide security incident handling, response and follow-up, as well as documentation.
Respond to computer security breaches and viruses.
Develop documentation of testing and evaluation activity in order to arrive at logical and comprehensive conclusions and recommendations.
Review violations of computer security and emergency measures, policies, procedures and tests.
Document computer security and emergency measures policies, procedures and tests.
Confer with users to discuss issues such as computer data access needs, security violations and programming changes.
Monitor use of data files and regulate access to safeguard information in computer files.
Coordinate implementation of computer system plans with management and outside vendors.
Recommend improvements in security systems or procedures.
Provide system design and integration recommendations.
Assess the nature and level of threats so that the scope of the problem can be determined.
Respond to emergency situations on an on-call basis.
Recommend the value-loss impact and criticality of assets.
Encrypt data transmissions and erect firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers.
Provide project management technical expertise for assigned projects.
Position Requirements:
Education & Corresponding Experience
A bachelor's degree in computer science, information technology management, Cyber Security, Forensics, or a closely related technical discipline is preferred.
4 years of experience is required with an applicable bachelor's degree.
6 years of experience is required with an applicable associate degree.
8 years of experience is required without a degree or without an applicable degree.
Experience should be consistent with the specific requirements of operations analysis, incident response, and progressively more technical in nature.
Required Technical Skills & Experience
Ability to research and maintain proficiency in tools, techniques, countermeasures, and trends in information security, computer and network vulnerabilities, data hiding, network security, and encryption.
Ability to plan, execute and document compliance evaluations both independently and as a team member.
Preferred Skills & Experience
Demonstrated experience with North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards, National Institute of Standards and Technology (NIST) Cybersecurity Framework, and/or NIST SP 800-53 Security and Privacy Controls for Information Systems and Organizations.
Certified Information Systems Security Professional (CISSP) or equivalent.
Everest Consultants offers the following benefits for this position: medical, dental, and vision insurance; short-term disability; life and AD&D insurance; a 401(k) retirement plan; a referral bonus program; paid sick/vacation/holidays; and a health and welfare fringe benefit.
Salary: $46 - $50