Job Seekers, Please send resumes to resumes@hireitpeople.comSecurity Architect - with University/College experience preferred
Warwick, RI
7+ month contract (extensions possible).
Requirements:
- CISM Certified Information Security Manager
- CIPP/G Certified Information Privacy Professional/Government
- NSA IAM National Security Agency INFOSEC Assessment Methodology (IAM)
- HITRUST
The Department of Administration/Division of Purchases, requests mini-bids from MPA 230 firms to remediate technology and programmatic gaps identified in a recently completed risk assessment. In accordance with the terms of this solicitation, the State's General Conditions of Purchase.
The successful vendor must provide the following services in accordance with the NIST Cyber Security Framework and associated controls:
Data Classification
- Identify and inventory business information against confidentiality, integrity and availability requirements;
- Identify ownership at the departmental level;
- Determine where information is stored, processed and handled;
- Identify business partners or 3rd parties that have access to information;
- Preparation for information security control implementation.
- Define Baseline Security Levels
- Based on Critical business information and its value (Data Classification)
- Considers specific industry requirements for control selection
- Documents a formal written Security Architecture Plan
- Describes the levels and integration with Data Classification
- Documents a detailed System Security Matrix
- Identifies unique control requirements for the baselines and on a system-by-system basis, as needed
- Enables identification of exceptions
- Identifies system owners and responsibilities
- Develop, document and optionally implement organizational cybersecurity policy
- Establish security expectations for people, process and technology
- Ensure compliance with regulatory requirements
- Define consequences of policy violations
- Establish the Policy Management process
- Address specific, unique cybersecurity tasks utilizing industry standards and highly-certified experts
- Educate personnel regarding common security threats, attacks and consequences
- Educate personnel regarding policies, roles and responsibilities
- Educate personnel regarding identifying and reporting incidents
- Change personnel behaviors and reduce personnel risk
- Provide measurable improvements in personnel security behaviors and decision-making
- Ensure compliance with regulatory requirements
- Develop a culture of security.
