Job Seekers, Please send resumes to resumes@hireitpeople.comShort Description: Risk Assessor
**LOCAL candidates STRONGLY preferred**
Complete Description: The qualified candidate will join a team that is responsible for the assessment of information systems that are supported by multiple operating systems, databases, and software development technologies.
TAX seeks an experienced risk assessor in Richmond, VA. The qualified candidate will join a team that is responsible for the assessment of information systems that are supported by multiple operating systems, databases, and software development technologies. The candidate will assist agency personnel in performing risk assessments in accordance with Commonwealth and Agency procedures as well as identify opportunities for improvement. The underlying information infrastructure includes Linux, UNIX, and Windows operating systems; Oracle and Microsoft SQL Server databases, and multiple software development languages that include PowerBuilder, Java, .NET, etc. to name a few.
The IT Risk Assessor is responsible for assisting with meeting security and compliance requirements per state and federal standards. The risk assessor will review information system security controls and evaluate their efficacy in mitigating associated risk. The risk assessor will work closely with system owners, data owners, and system administrators to conduct interviews and review technical information. The assessor will provide an executive summary of the assessment along with a completed VITA Risk Assessment Template for each system evaluated.
An information system security risk assessment should also be performed in compliance with SEC501.09 and SEC520.00 using the risk assessment template:
(http://vita.virginia.gov/uploadedFiles/VITA_Main_Public/Library/PSGs/Word_versions/Risk_Assessment_Template.xlsx)
Required:
•2+ years of experience conducting IT risk assessments
•Apply strong knowledge of analyzing system security controls implementation and efficacy
•Demonstrated experience working as a member of a core team as well as an individual with minimal supervision
•Possess strong attention to detail and ability to communicate effectively written and verbally
•Work with tools to support the IT Security program as well as provide assistance to the corporate information security governance & risk teams as needed. Core tools supported by this role will be Vulnerability scanning and analysis, Intrusion Detection/Prevention System (IPS/IDS), Security Event Logging, Firewalls and other network security technologies, as well as additional security tools added to augment TAX’s IT Security program.
•Evaluate the day-to-day operations implemented to protect the integrity, confidentiality, and availability of information assets and technology infrastructures of the organization.
•Requires the ability to lift no more than 50 lbs
Skill | Required / Desired | Amount | of Experience |
Perform risk assessment | Required | 2 | Years |
Knowledge of SEC501 security standard | Required | 2 | Years |
Knowledge of IRS Pub 1075 and CIS benchmarks | Nice to have | 2 | Years |
Experience creating technical documentation and reports | Highly desired | 2 | Years |
Familiar with various technologies such as: programming languages - Java, .NET; infrastructure - Windows, Linux, UNIX, MS SQL, and Oracle, | Desired | 3 | Years |
Possess strong attention to detail and ability to communicate effectively written and verbally | Required | 2 | Years |
Apply knowledge of analyzing system security controls implementation and efficacy in evaluating risk | Required | 2 | Years |
Demonstrated experience working as a member of a core team as well as an individual with minimal supervision | Highly desired | 2 | Years |
