Principal Information Security Specialist

Neustar, Inc. Sterling, VA 20163

Posted 2 weeks ago

Neustar is an information services and technology company and a leader in identity resolution providing the data and technology that enables trusted connections between companies and people at the moments that matter most. More information is available at

Job Requisition:

R-3257 Principal Information Security Specialist (Open)

Primary Location:

Sterling, Virginia

Job Description:

Principal Information Security Specialist

Neustar's Information Security Governance, Risk & Compliance (GRC) Team is responsible for driving enterprise-wide GRC best practices and processes throughout the organization, while ensuring that leadership has the information needed to make strategic decisions for enablement in achieving global business objectives.

The Principal Information Security Specialist will be responsible for driving Information Security GRC best practices and processes throughout the organization, balancing business priorities, information security risks, emerging threats, and ensuring the confidentiality, integrity and availability of the company's networks, systems and applications.

The key requirements for this role include:

  • Demonstrate a strong knowledge and understanding of Information Security with respect to Confidentiality, Integrity & Availability.

  • Collaborate with global leadership teams to author, build, develop, implement and manage Security Policies, Standards and Guidelines.

  • Participate and provide key inputs in the overall GRC Vision and Cyber Security Program Development.

  • Work on GRC projects associated with Cyber Security Frameworks and Security Controls.

  • Operationalize various GRC capability areas (e.g. Enterprise Security Risk Management, Compliance Management & Policy Management) using a state-of-the-art automated GRC platform.

  • Understand business requirements to help design and implement GRC practices across the CISO Organization.

  • Lead, Maintain and Monitor Neustar's control framework, an extensive baseline security subset of control activities applicable to Neustar's product/service offerings.

  • Function as a GRC ambassador to internal customers.

  • Strong understanding of national and international laws, regulations, policies and ethics related to cybersecurity.

  • Function as a Subject Matter Expert (SME) providing solution designs and technical consulting services to mature compliance posture for Neustar's internal policies as well as with all applicable regulatory requirements including SOC II, state/federal/international data privacy laws, and NIST/CIS guidelines.

  • Lead Vulnerability, Systems Security, Information Security Control Assessments (e.g. CIS, NIST, ISO 27001, FedRAMP).

  • Solid understanding of Enterprise Risk Management (ERM) standards on how to identify, assess, mitigate, monitor, test and report on risks and controls required by the Risk and Compliance teams.

  • Work with Enterprise Risk Management (ERM) team to understand expectations for managing cross-functional risks and dependencies.

  • Ensure appropriate treatment of risk, compliance and assurance from internal teams.

  • Function as a negotiator for appropriate remediation plans for identified issues while maintaining strong relationships internally and externally.

  • Conduct Security Assessments related to Security Program and Controls.

  • Partnering with Internal Risk and Compliance, Data Privacy and Governance, CIRT, Identity and Access Management (IDM), Risk Assessment (RA), Security Engineering and Product Engineering teams to monitor and ensure compliance to standards, policies and procedures.

  • Partnering with CISO Organization to monitor, identify security gaps, evaluate and develop programs to enhance operational efficiency and also assist in redesigning the efforts to improve/automate control requirements.

  • Excellent command of Cybersecurity organization practices, operational risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies.

  • Experience with the assessment, implementation, management and documentation of a broad set of information security technologies and processes (e.g. application security, data protection, access management, network security).

  • Develop and maintain Information Security reference architecture documentation and diagrams.

  • Define metrics to track program progress and generate reports for executive leadership.

  • Ability to identify network attacks and system security issues as they relate to threats and vulnerabilities, with focus on recommendations for enhancements or remediation.

  • Expertise in Agile and can work with at least one of the common frameworks.

  • Noted cybersecurity expert, remaining up to date with the latest technologies and participating in multiple forums.

Additionally, this role will:

  • Study the company's architecture, platforms, and services identifying integration issues.

  • Act in an advisory capacity for Secure Software Development and Life Cycle (SSDLC) development.

  • Enhance department and organizational reputation by accepting ownership of information security initiatives; update job knowledge by tracking and understanding emerging security practices and standards; participate in educational opportunities; read professional publications; maintain personal networks and participate in professional organizations.

Desired Skills and Experience

  • Minimum 8+ years of industry experience, and minimum 2-4 years of experience working on Information Security Governance.

  • Experience working with business owners and 3rd party vendors to implement appropriate security controls.

  • Institutional knowledge of Neustar's security infrastructure and networks is a plus.

  • Strong analytical and technical skills with the ability to parse requirements and relate them to appropriate security controls.

  • Conceptual, analytical thinking and sound judgement with strategic orientation towards business objectives.

  • Ability to work in a fast-paced complex and dynamic environment, handling multiple projects simultaneously while demonstrating ownership to drive towards project completion.

  • Ability to engage at all levels of the organization to organize, drive and communicate results.

  • Excellent verbal and written communication skills along with presentation skills at varying levels of management, senior and executive leadership.

  • Collaborative team player with a positive attitude to learn and share.

Hands-on experience

  • Working with Security Risk Management Frameworks including regulatory compliance requirements (CIS CSC, NIST CSF & 800-53, ISO 27001, FedRAMP, etc).

  • Design, engineering and administration of GRC Automation Platforms (RSA Archer, ServiceNow or SAP).

  • Security Vulnerability testing solutions (Nessus, AWS, Nexpose).

  • Cloud Security (AWS, Google, Azure).

  • As security practitioner/specialist in client facing roles in mid-size or large enterprises and demonstrated client facing consulting skills, including building strong client relationships.

  • Working skills on Microsoft (Excel, PowerPoint, Word & Visio).

Good to have understanding of

  • Identity and Access Management solutions (Sailpoint, ForgeRock, CyberArk).

  • Security Logging and Monitoring solutions (FireEye, Trend Micro, CrowdStrike, Splunk).

  • Network & Security Engineering technologies (Router, Firewalls, Load Balancers, IDS/IPS, Proxy, E-Mail Security, LAN, WAN, VPN and Micro-Segmentation Concepts).

  • Mobile device security and mobile device management solutions.

  • Knowledge of Cloud Security Alliance (CSA) best practices and guidelines.

Education and Certifications

  • 4-year degree in Information Technology, Computer Science, or related field.

  • Master's degree preferred.

  • Preferred Security Certifications (CISSP/CRISC/CISM/CISA/CCSK/AWS) or eligible to obtain certification within one year from date of hire.

Other Requirements:

  • Work Schedule: Shift (Monday - Friday). May be requested to work evenings and weekends to meet project deadlines.

  • Travel: Less than 10% as needed by the business.

Neustar does not accept unsolicited resumes from external firms or agencies. Neustar will not be responsible for placement fees associated with unsolicited resumes.


Diversity, inclusion and teamwork are second nature to Neustar; and these values permeate our entire business structure. Neustar is committed to creating an environment where a wide spectrum of opinions and beliefs are actively sought, listened to and respected. Further, our talented workforce draws from the many geographic areas and markets in which Neustar operates worldwide, which represents a distinct competitive advantage. The rich and varied personal and professional backgrounds of our employees make Neustar a dynamic and rewarding company at which to build a career. We invite you to join us.

EOE of Minorities/Females/Vets/Disability

Neustar, Inc. considers all applicants for employment without regard to race, color, religion, sex, national origin, age, disability, sexual orientation, or status as a Vietnam-era or special disabled veteran in accordance with federal law and other state and local requirements. Neustar, Inc. complies with applicable state and local laws prohibiting discrimination in employment and provides reasonable accommodation to qualified individuals with disabilities in accordance with the Americans with Disabilities Act (ADA) and applicable state and local laws.
