Non-gov InfoSec Position in Reston, VA

In case anybody out there is interested, one of my clients is hiring an "Information Security Analyst" and is willing to pay fairly well. Full position notice is included below, after the jump. This client has been quite decent to work with and there is certainly a lot of opportunity in the environment. If you're interested, please ping me and I can help get your resume/CV to the hiring manager.

Following is a description of positions available with Infrastructure in the Reston Office. If you are interested in applying for these positions, please contact me no later than June 20, 2008.

TITLE: Information Security Analyst

REPORTS TO: IT Security Manager

DEPARTMENT: Infrastructure


AVAILABLE: Immediately

HIRING RANGE: $95,077 to $123,600



Responsible for the planning, design, and auditing of security policies and procedures which safeguard the integrity of and access to systems and electronic information in order to guard information against accidental or unauthorized modification, destruction, or disclosure. Identifies and develops areas where information security policies and procedures require creation or update. Confers with management, developers, auditors, facilities and other business unit personnel to identify and plan security for data, software applications, hardware, telecommunications, and computer installations. Provides risk assessments and security briefings related to security issues. Manages IT security awareness programs and activities, and advises resource owners on formation of appropriate security policies.

The role of the Security Lead Analyst is to safeguard confidential information assets stored or managed across the College Board organization. The scope involves information technology security, and identification of key security initiatives and standards. Specific initiatives include support of the College Board Security Program; functional services (Privacy and Confidentiality); education, awareness and training; contracts security due diligence; product standards; advisories and bulletins; and overall security compliance. The individual will lead other staff members in the program design and to effect specific initiatives, programs or projects to meet those management and business objectives. This includes assisting in establishing clearly defined and documented scope, objectives, approach, plans, and resource requirements. The individual provides overall security program strategic direction to improve the information security posture and assurance level of the organization.


· Acts as an advocate of information security and privacy programs across the organization.

· Develops and implements security standards, tactical processes and procedures, and guidelines for multiple platforms and diverse systems environments (e.g. corporate, distributed computer and client server systems) that are consistent with College Board initiatives and weighs appropriate risk and value with cost that can be leveraged across the organization.

· Identifies regulatory changes that can affect information security policy, standards, and procedures to recommend appropriate security program changes.

· Provides support to IT and other business units as appropriate in responding to audits and other information requests, and assists and coordinates the development and oversight of functional area self-assessments.

· Provides technical expertise and support to clients, IT management, and staff during risk assessments and the implementation of appropriate information security procedures and products.

· Acts as a Project Manager for key initiatives and provides assistance and training to peers.

· Coordinates the development, testing and implementation of security review plans, products and control techniques.

· Performs a leadership role in the overall security program structure and design, security metrics reporting, and information security assurance improvement processes.

· Inventories current information resources and assists line-of-business management in selecting appropriate resource owners. Works with resource owners in line-of-business organizations to determine appropriate security policies for securable resources.

· Leads security incident response and follows up on IT-related security issues, participates in investigations of suspected information security misuse or compliance, and recommends appropriate corrective actions for information security incident response.

· Tracks, documents and publishes security notifications related to College Board supported systems software and hardware and classifies unresolved security exposures to management.

· Develops and performs awareness presentations and trains information owners in the appropriate use of information and in the implementation of necessary computer security controls and/or systems.

Internal Contacts

Maintains a professional working relationship throughout all levels of the enterprise including all key stakeholders, the Information Security Team, and other significant contacts within the organization. Works with key IT stakeholders and business users for program implementation and information collection and dissemination. Maintains close contact with information "owners".

External Contacts

Has regular contact with software/hardware security vendors to keep current with new products. Develops relationships with professional organizations, etc. to keep abreast of new trends in corporate and departmental information security. May work with partners, customers or other third party contractors on items related to information security.


Five to eight years in a computer-related field, with at least 5 in Information Security in an enterprise tactical and strategic setting.

Demonstrated competency in project management in a cross-functional environment and with the proven ability to lead technical teams is required.

Bachelor’s Degree in Business, Management, or Computer Sciences, or equivalent prior work experience in a related field.

Strong operational, tactical and strategic understanding of security products and concepts such as firewalls, VPNs, IDSs and other security devices.

Current CISSP, CISM, CISA, or related security certification.

Experience in designing or implementing enterprise security architecture models and frameworks.

Related Skills and Other Requirements:

Willingness/ability to work off-shifts (evening, night-time, weekend).

Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack pathologies.

Ability to work effectively in either an independent or a team environment.

Experience in leading strategic thinking and planning sessions.

Must have the ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants and senior management.

Possesses strong interpersonal and project management skills.

Tactical and strategic experience with security program development or management.

Proven ability to lead and manage staff, mentor staff members, provide direction, and influence behavior.

Excellent oral and written communication skills with the ability to present and discuss technical information in a way that establishes rapport, persuades others, and gains understanding.

Confidence and leadership as a member of project teams in working with business users in a cross-functional environment.

Knowledge of application level security.

Excellent problem solving and analytical ability.

Requires use of a wireless handheld device with messaging capability.

About this Entry

This page contains a single entry by Ben Tomhave published on June 12, 2008 8:38 AM.
