Company: Ageatia Global Solutions
Location: Owings Mills
Posted on: January 27, 2023
Under the supervision of the Manager, Cybersecurity Risk
Management, the incumbent's accountabilities include, but are not
limited to the following:
- Execute security risk management leadership through the design
and implementation of security policies, procedures, guidelines and
standards to maintain the confidentiality, integrity and
availability of information systems and data.
- Assess third party cybersecurity controls, identify gaps,
assist in development of mitigation strategies and manage them to
- Represent Information Security from an Information Security
Risk Management perspective.
- Lead the Security Risk management function and further support
collaboration across the various risk related teams in the
- Lead risk analyses efforts to ensure consistency in the
detailed risk assessment lifecycle inclusive of identification,
socialization, mitigation, and closure.
- Design and implement security solutions to monitor the
efficiency and effectiveness of security operations, controls and
infrastructure for on-premise and cloud (Azure and AWS)
- Design, implement, and integrate security solutions to address
enterprise risks and exposures.
- Develop and maintain Information Security Risk Metrics
supported by KPIs and KRIs.
- Provide support and guidance to a team of technically diverse
personnel of senior level security specialists and junior level
- Implement necessary enhancements/updates/upgrades to existing
- Assist in the configuration and installation of security
products. Where possible, suggesting and implementing solutions to
automate manual operational activities.
- Test and report on new technologies to address security
concerns and work closely with the vulnerability management team on
the identified risks.
- Serve as lead technical information security
coordinator/project lead and as a contributor to cross functional
teams for deployment and support of security specific
infrastructure in order to provide information security to the
- Co-lead Client compliance/risk management efforts in support of
NIST, FedRAMP, HIPAA, and BCBSA to include but not limited to:
external assessment readiness/support, self-assessments, risk
assessments, Plans-Of-Action-and-Milestone (POA&M) management,
- Identity and access management.
- Data protection (through the use of technologies such as whole
disk encryption, end-to-end e-mail security, public and private key
management, data leakage prevention, web application and source
code security, database security, etc.)
- Network devices and infrastructure, desktop/mobile devices and
remote access to the network,
- Information governance to ensure data is managed based on its
sensitivity, information security policies, guidelines, and
- Information governance through performing day-to-day
maintenance and addressing issues and problems associated with
- Provide general support to the Information Security department
in carrying out its' assigned functions and
- Provide ad hoc off-hours support and problem resolution as
directed by departmental requirements, service level agreements and
internal support procedures.
- Provide assistance with audit issues and recommendations for
remediation from an Information Security perspective.
- Interact with other IT Operations teams to develop tactical and
strategic programs to address processes, controls, and
infrastructure to manage information security related concerns and
- Properly interpret business and technical requirements into
security solutions and designs that are consistent with the current
information security architecture.
- Implement and assist in enforcement of company security
- Document results of system and application reviews including
corrective action taken and security related
- Assist with reviews of current and new Client systems and
applications, including changes to existing applications/systems,
to assure compliance with Information Security policies and
- Apply creative thinking in problem solving and identifying
opportunities for improvements in security.
- Provide Information Security related recommendations regarding
Client infrastructure components (communications network, physical
security, data access, computer hardware/software and data
confidentiality, integrity, and availability).
- Work with intra/interdepartmental technical and business
personnel in a dynamic and varying environment.
- Collaborate with other Information Security specialists,
designers, developers, and architects.
- Work with other technical teams in the organization such as IT
Operations and IT Applications.
- Share ideas, discuss alternatives, and seek input. Suggest
means to decrease vulnerability of systems, applications and
- Maintain familiarity with state of the art concepts,
procedures, software and techniques in Information Security in
order to be able to effectively assess and develop the Client
Information Security environment.
Required : College Degree in an Information Security or Technology
related field or equivalent experience plus 7+ years related work
experience. The incumbent will possess a high level of expertise in
information security concepts, information security policies and
system architecture concepts and have experience in process
definition, workflow design, and process mapping. In depth
understanding in multiple areas of Information Security such as
networking (TCP/IP, OSI model, network protocols), operating system
fundamentals (Windows, UNIX, mainframe), security technologies
(firewalls, switches, routers, IPSEC, IDS/IPS, etc.),
authentication technologies, wireless architectures, encryption key
management, and mobile device technologies. Also, must have
knowledge of vulnerability assessments, privacy assessments,
incident response, security policy creation, enterprise security
strategies, and governance. The incumbent must also have an ability
to quickly and effectively learn Information Security tools in a
large, complex multi-platform environment.
Abilities/Skills (candidate should possess most of these):
- Ability to identify and resolve complex issues and develop
security solutions to meet Client's business and technology
- Strong written documentation skills and technical writing are
- Excellent presentation and verbal communication skills
- Ability to effectively lead/complete tasks with a minimal level
- Strong computer skills, including knowledge of Microsoft
Windows, various e-mail systems (Microsoft Exchange)
- Possess broad understanding of the following systems/skill
- System hardening concepts and techniques
- Network and remote access controls
- Unix, Linux, Web application servers
- Virtualization technologies
- Encryption technologies and key management
- Familiarity with access control methodologies (MAC, DAC.
- Professional certification such as CISSP, CRISC, CISA, or CISM
(lead level only)
- Significant understanding of NIST Risk Management Framework and
Information Security Risk Management methodologies including FAIR
- Experience with Information Security Governance, Risk, and
Compliance (eGRC) Programs and Platforms.
- Proven ability to translate technical requirements to the
- Specific knowledge of Client business and Client Client
- An understanding of the relationships among various units
within the corporation.
- Ability to understand, develop, and socialize security
policies, standards, and procedures.
- Proficiency with security controls for cloud environments
(Azure and AWS) including FedRAMP requirements.
- Proficiency with control implementation and monitoring in
addition to information security metrics and reporting
- Familiarity with security tools such as wireless and network
scanning applications, vulnerability assessment applications and
concepts, IDS/IPS, Data Loss Prevention, and other appropriate
security related tools and capabilities.
- Experience working with Information Security tools in a large,
complex, multi-platform environment.
- Familiarity with HIPAA Security Rule and compliance
- Experience developing and maintaining System Security Plans
- Understands complex cybersecurity issues as well as emerging
technologies and develop creative solutions while ensuring
compliance with cyber security laws and regulations
- Experience in risk management, compliance, audit, or third
Keywords: Ageatia Global Solutions, Baltimore , Security Analyst, Professions , Owings Mills, Maryland
Didn't find what you're looking for? Search again!