Tech Providers

Information Security Risk & Compliance

6 days ago

Pay: Competitive
Location: Alhambra/California
Employment type: Contract

  • Job Description

      Req#: 25-04066

      Role: Information Security Risk & Compliance
      Duration: 12+ months contract
      Location: Alhambra, CA (Onsite)

      Position Description:

      • An Information Security Specialist interprets information security policies, standards and other requirements as they relate to internal information systems and coordinates the implementation of these and other information security requirements.
      • The Information Security Specialist redesigns and reengineers internal information handling processes so that information is appropriately protected from a wide variety of problems including unauthorized disclosure, unauthorized use, inappropriate modification, premature deletion, and unavailability.
      • The Information Security Specialist will provide highly specialized experience in one or more information, computer, or network security disciplines (e.g., penetration testing, accreditation, or risk assessment and mitigation); develop system security plans, certification and accreditation reviews; analyze and establish processes for comprehensive systems and data protection; assess and mitigate system security threats and risks; perform security audits, evaluations, and risk assessments and make strategic recommendations; and manage, support, install and maintain security tools and systems, and track security patches and incidents.

      Skills Required:
      • The Information Security Specialist will possess knowledge and experience in standard methodologies used in certification and accreditation processes; extensive experience following NIST guidelines in risk assessment and management; conducting vulnerability analysis; developing mitigation plans; and performing penetration testing, password protection testing and application security testing.
      • Demonstrated expertise in governance, risk management, and cybersecurity compliance, including the development and implementation of policies, standards, and control frameworks.
      • Strong working knowledge of information security regulations and industry frameworks such as NIST (800-53, CSF), ISO/IEC 27001, and PCI DSS, with the ability to map controls and assess compliance.
      • Experience conducting risk assessments, control evaluations, and compliance audits to support enterprise-wide GRC initiatives.
      • Familiarity with vulnerability management, threat intelligence analysis, and security architecture design in support of risk and compliance objectives.
      • Understanding of encryption technologies and data protection principles as they relate to governance and regulatory obligations.
      • Foundational knowledge of technical environments including IT security, networking, and systems administration, with awareness of tools such as SIEM (e.g., Microsoft Sentinel), firewalls, and other endpoint/network security platforms.

      Experience Required:
      • This classification must have a minimum of five (5) years of experience applying security policies, standards, testing, modification and implementation. At least three (3) years of that experience must be in information security analysis.
      • 3+ years of experience within each of the following:
      • Applying risk management principles, including conducting audits, security assessments, and interpreting industry-standard security frameworks (e.g., NIST, ISO 27001, CIS).
      • Conducting and supporting security operations, control assessments, audit remediation, and enterprise risk governance initiatives.
      • Performing information security risk assessments, evaluating control effectiveness, and analyzing risk impact for technology initiatives and third-party integrations.
      • Participating in incident response processes, including detection, containment, and post-incident analysis.
      • Managing the security of complex, multi-platform IT environments, including various operating systems, software suites, and network protocols, within a large organization.

      Education Required:
      • This classification requires the possession of a bachelor’s degree in an IT-related or Engineering field.
      • Additional qualifying experience may be substituted for the required education on a year-for-year basis.
      • One (1) or more industry-recognized Certifications in Security:
      • CISSP (Certified Information Systems Security Professional)
      • CRISC (Certified in Risk and Information Systems Control)
      • CISA (Certified Information Systems Auditor)
      • CISM (Certified Information Security Manager)
  • About the company

      Tech Providers, one of the leading IT recruitment agencies, matches top IT candidates with top technology job opportunities. Contact us today!

Notice

Talentify is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.

Talentify provides reasonable accommodations to qualified applicants with disabilities, including disabled veterans. Request assistance at accessibility@talentify.io or 407-000-0000.

Federal law requires every new hire to complete Form I-9 and present proof of identity and U.S. work eligibility.

An Automated Employment Decision Tool (AEDT) will score your job-related skills and responses. Bias-audit & data-use details: www.talentify.io/bias-audit-report. NYC applicants may request an alternative process or accommodation at aedt@talentify.io or 407-000-0000.