Information Security Analyst -$95 CTC ; $85 W2 - ONSITE (Relocation Allowed)

Job Description:

***Only w2/ 1099 CTC will be considered.

Location Requirement: 100% onsite-Local candidate is preferred but a candidate with a confirmed relocation plan would be considered.

• The contractor position will augment DETR IT Division's Security team in performing the information security related job duties and creating policies to satisfy audit requirements from IRS/SSA.
• The contractor will be tasked to create a security vulnerability management program.
• The contractor will assist in creating the disaster recovery plan for DETR.
• The contractor will assist in reviewing security and disaster recovery work products from vendor FAST on the NUI (Nevada Unemployment Insurance) project.
• The contractor will provide guidance and support on the Oracle Cloud project with matters related to various Oracle Security products.

Security functions include but are not limited to: security policies, security operations, and/or maintaining oversight of information systems and data within the assigned area of information security responsibility. The position performs security audits to ensure compliance state and federal compliance rules, investigations, security awareness training administration, security access control recommendations, badge access administration, threat assessment with email and web gateways, approval authorization, threat detection alert notifications and evaluation of software and hardware recommendations with related cost estimates. The position supervises IT Professional staff and create operational procedures for staff that perform duties associated with supporting the security requirements set forth by the State of Nevada. Such materials include procedures for reviewing internal equipment logs and procedures for monitoring and supporting DETR infrastructure and protecting data

Required Skills:

• Information security services may include conducting risk assessments; providing a security framework, developing security guides, policies and plans; and providing an end-to-end information security solution for environments from desktop to mainframe, interface between information systems and networks as well as systems and physical sites.
• Other services include designing, planning, implementing, testing and participating in the certification and accreditation of systems, as well as providing support tools for construction of such systems.
• Consultant(s) should have a good understanding of and be able to demonstrate abilities in the following including, but not be limited to:
• Business impact analysis
• Continuity of operations/disaster recovery
• Risk assessment/mitigation

Desired Skills:

• Incumbents work with management and technical staff to develop a comprehensive information security program for integrated IT systems within the State or agency and are responsible for three or more of the following ten security domain areas:
• Access control centralized / decentralized / remote / federated
• Application/system development security validation / verification / guidelines
• Continuity of operations/disaster recovery planning business recovery
• Cryptography transport / storage / authentication / non-repudiation
• Information security management awareness / policies / risk management / procedural standards
• Operational security (OPSEC) threats / hostile code / techniques
• Physical technical security access systems / structural / environmental controls
• Security architecture and models methods / security operational standards
• Security law, investigation, and ethics cyber-crime / incident response / security regulation
• Telecommunications/network security enclave / monitoring / virtual private network / firewall / prevention