Information Security Risk & Compliance
Company: Tech Providers Inc.
Location: Alhambra
Posted on: June 27, 2025
|
|
|
Job Description:
Role: Information Security Risk & Compliance Duration: 12 months
contract Location: Alhambra, CA (Onsite) Position Description: An
Information Security Specialist interprets information security
policies, standards and other requirements as they relate to
internal information system and coordinates the implementation of
these and other information security requirements. The Information
Security Specialist redesigns and reengineers internal information
handling processes so that information is appropriately protected
from a wide variety of problems including unauthorized disclosure,
unauthorized use, inappropriate modification, premature deletion,
and unavailability. The Information Security Specialist will
provide highly specialized experience in one or more information,
computer, or network security disciplines (e.g. penetration
testing, accreditation, or risk assessment and mitigation); develop
system security plans, certification and accreditation reviews;
analyze and establish processes for comprehensive systems and data
protection; assess and mitigate system security threats and risks;
perform security audits, evaluation, risk assessments and make a
strategic recommendations; and manages, supports, installs and
maintains security tools and systems, and tracks security patches
and incidents. Skills Required: The Information Security Specialist
will possess knowledge and experience in standard methodologies
used in certification and accreditation processes; extensive
experience following NIST guidelines in risk assessment and
management; conducting vulnerability analysis; developing
mitigation plans; and performing penetration testing, password
protection testing and application security testing. Demonstrated
expertise in governance, risk management, and cybersecurity
compliance, including the development and implementation of
policies, standards, and control frameworks. Strong working
knowledge of information security regulations and industry
frameworks such as NIST (800-53, CSF), ISO/IEC 27001, and PCI DSS,
with the ability to map controls and assess compliance. Experience
conducting risk assessments, control evaluations, and compliance
audits to support enterprise-wide GRC initiatives. Familiarity with
vulnerability management, threat intelligence analysis, and
security architecture design in support of risk and compliance
objectives. Understanding of encryption technologies and data
protection principles as they relate to governance and regulatory
obligations. Foundational knowledge of technical environments
including IT security, networking, and systems administration, with
awareness of tools such as SIEM (e.g., Microsoft Sentinel),
firewalls, and other endpoint/network security platforms.
Experience Required: This classification must have a minimum of
five (5) years of experience applying security policies, standards,
testing, modification and implementation. At least three (3) years
of that experience must be in information security analysis. 3
years of experience within each of the following: Applying risk
management principles, including conducting audits, security
assessments, and interpreting industry-standard security frameworks
(e.g., NIST, ISO 27001, CIS). Conducting and supporting security
operations, control assessments, audit remediation, and enterprise
risk governance initiatives. Performing information security risk
assessments, evaluating control effectiveness, and analyzing risk
impact for technology initiatives and third-party integrations.
Participating in incident response processes, including detection,
containment, and post-incident analysis. Managing the security of
complex, multi-platform IT environments, including various
operating systems, software suites, and network protocols, within a
large organization. Education Required: This classification
requires the possession of a bachelor’s degree in an IT-related or
Engineering field. Additional qualifying experience may be
substituted for the required education on a year-for-year basis.
One (1) or more industry-recognized Certifications in Security:
CISSP (Certified Information Systems Security Professional) CRISC –
Certified in Risk and Information Systems Control CISA – Certified
Information Systems Auditor CISM (Certified Information Security
Manager) About this facility:
Keywords: Tech Providers Inc., Paramount , Information Security Risk & Compliance, IT / Software / Systems , Alhambra, California
