Information Services Consultant works with end user groups to identify technical solutions to business problems or inefficiencies. Evaluates existing systems and/or user needs and makes recommendations. Being an Information Services Consultant may require certification in specific applications. Requires a bachelor's degree. Additionally, Information Services Consultant typically reports to a head of a unit/department. To be an Information Services Consultant typically requires 7+ years of related experience. A specialist on complex technical and business matters. Work is highly independent. May assume a team lead role for the work group. (Copyright 2024 Salary.com)
Please DO NOT Apply unless YOU:
1) can work 100% on-site and are available to Start in May/June 2024.
2) have all the Required skill set and have worked as an "IT Cybersecurity Policy Consultant (CISSP, CISM, CISA, GIAC, CISA, CISM, CCIE Security)" in a large & Complex IT Environment. Prefer Public Sector Environment
3) can meet the min required experience and have expertise with Formulating cybersecurity policies and procedures using NIST Cybersecurity Framework and guidelines
4) can provide at least 3 verifiable experiences (i.e., names, e-mail addresses, phone numbers of contact person(s), description of work performed, dates of hire, etc.) from completed and/or substantially completed jobs that closely match this request, and can fill out a skill Matrix
5) can agree to provide a criminal history record check. The Criminal history record checks must be conducted through the state crime bureau in each state where the consultant indicates residence, employment, education and/or training over the past ten years. YOUR STATUS WILL ALSO BE VERIFIED USING E-VERIFY SYSTEM.
6) Are able to sign a form stating submission with our company, current with Child Support obligations and Tax obligations.
7) Can come for a Mandatory F-2-F interview at your own cost OR agree to a MS Teams interview if out of town candidate.
8) have a Competitive Rate
s and those authorized to work in the US are encouraged to apply. We are unable to sponsor H1b candidates at this time. NOTE: GIS will utilize the U.S. Department of Homeland Security's E-Verify system to verify the employment eligibility of all persons employed during the term of the Contract. Note to Consulting Companies: ANY CONSULTANT'S RESUME YOU SEND ME MUST BE ON YOUR COMPANY'S PAYROLL, NO H1-VISA TRANSFER, NO PRO-MARKETING, NO SISTER COMPANY RESUMES. The resume should have the DIRECT contact info and email of the candidate otherwise the candidate will NOT be considered. ALL H1 candidates including those onWOULD need to provide I-797 (no exceptions).
Each staff member assigned to this project must have a background screening that is equivalent to a Level Two (2) screening standard.
This is a fixed fee/hourly based project which is inclusive of travel, lodging, per diem expenses and all other costs associated with the completion of the associated tasks.
Interviews:
In the event an interview is requested they will be conducted remotely via Microsoft Teams.
Telecommuting: Telecommuting is not an option for this position.
Scope of Work
Required consultant experience provided by Contractor, shall include:
A bachelor's degree in cybersecurity, information technology, computer science, English or a related field.
Any 1-2 of the Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA), GIAC, CCIE Security, CompTIA, etc.
8 years of experience in IT security related responsibilities
4 years of demonstrated experience producing information security related documentation addressing procedures, standards, and guidelines to ensure information security. This includes proficiency in formulating policies and procedures aligned with the National Institute of Standards and Technology Cybersecurity Framework or analogous sectors.
Knowledge of and a comprehensive understanding of the NIST Cybersecurity Framework, including its core functions, categories, and subcategories.
Ability to interpret and apply NIST CSF guidelines to develop tailored cybersecurity policies and procedures suitable for the organization's needs.
Track record of successfully creating, reviewing, and updating policies and procedures, specifically in the realm of cybersecurity and in alignment with NIST standards.
Experience in translating complex technical concepts into easily understandable and implementable policies and procedures, catering to diverse stakeholders.
Experience in organizing documentation to facilitate easy navigation and understanding.
Experience in managing versioning and track changes in policy documents.
Clear and concise communicator capable of articulating complex cybersecurity concepts in both written documentation and verbal presentations.
Experience in working independently (taking initiative) while working in a team environment (cooperating with team members and supporting team members).
Knowledge and understanding of basic security principles relating to confidentiality, integrity, and availability, risk assessments, administrative controls, technical controls, disaster recovery, etc.
Experience with Microsoft Word, Excel, and PowerPoint.
Preferred Experience:
Knowledge of relevant industry-specific regulations, compliance requirements, and standards beyond NIST, such as ISO/IEC 27001, or industry-specific frameworks.
Strong interpersonal skills to collaborate with cross-functional teams, stakeholders, and management to gather requirements and address cybersecurity concerns effectively.
Experience with Microsoft Visio.
Required Duties and Responsibilities of Consultant shall include but are not limited to:
The candidate will create comprehensive policies and procedures based on the NIST CSF framework.
The duties of the candidate will include the following:
Conduct an assessment of the organization's current cybersecurity policies and procedures against the NIST CSF framework.
Identify gaps and areas where policies and procedures need to be developed or revised to align with NIST CSF guidelines.
Draft clear and concise policies addressing cybersecurity governance, risk management, asset management, access control, incident response, and other relevant areas.
Ensure that developed policies and procedures align with each of the five core functions of the NIST CSF.
Map organizational processes and controls to the appropriate categories within the framework.
Develop detailed procedures that operationalize the cybersecurity policies based on the NIST CSF guidelines.
Engage with key stakeholders, cybersecurity teams, IT personnel, and department heads to gather insights and information necessary for the development of policies, standards, procedures, work details or other relevant required documentation.
Collaborate with these stakeholders to ensure that the policies and procedures are practical, feasible, and aligned with organizational goals.
Maintain accurate documentation of developed policies and procedures.
Implement a version control system to track changes, updates, and revisions made to the documents over time.
Prepare reports and presentations detailing the status of cybersecurity compliance and the effectiveness of NIST CSF-based policies and procedures.
Communicate findings, recommendations, and updates to relevant stakeholders and management.
Collaborate with IT and security teams, legal, compliance, and other relevant departments to ensure a cohesive and integrated approach to cybersecurity.
The contractor will address the needs stated above by accomplishing the following:
Create policies and procedures using the NIST templates to align with each of the five core functions of the NIST CSF.
Create standards using the NIST templates to align with each of the five core functions of the NIST CSF.
Create work details and other relevant required documentation to align with each policy, standard, or procedure as required.
Map organizational processes and controls to the appropriate categories within the framework.
Education/Certifications
All Consultants must have earned a bachelor's degree in cybersecurity, information technology, computer science, Management Information Systems (MIS), English, or other related field.
Work Timeframes
The selected individuals will occupy a full time position, working up to 40 hours per week. Standard work times will be (or approximately) standard business hours (8a-5p Monday-Friday). Due to new hardware installations, upgrades and maintenance, weekend and/or after hours work may be required on an exception basis. We do not anticipate overtime, but if required, the pay would be the hourly rate, not time and a half.
"When replying please make sure to list your (All Inclusive) Compensation requirements !!!".
Note : This is a Full Time ON SITE Contract Position with NO REMOTE options allowed !!
# of positions = 1
ESTIMATED Start date : May/June 2024
No phone calls please.
Local Citizens are encouraged to Apply
No relocation assistance provided.
ONLY Candidates with an exact match will be contacted
Candidates should be authorized to work in the US.