Senior Information Systems Security Engineer (ISSE) - TS/SCI with CI or FS Polygraph
Location: Baltimore, Maryland
Firm Service: Enterprise Risk Services
Reference Code: E10BALCASCVC013
Type of Position: Full-time
Job Description
Consultant
Deloitte & Touche LLP's ("Deloitte & Touche's") Enterprise Risk Services business has a risk-based approach, experienced professionals, comprehensive methodologies, and technical resources. Deloitte & Touche's services combine competency and experience in the areas of financial reporting, risk management, and compliance.
We are seeking the best Public Sector (Federal) industry information security talent to join our Technology Risk Security & Privacy (S&P) service area for our Washington DC based Federal practice.
Deloitte's Enterprise Risk offers services and capabilities to clients in Technology Risk, Business Risk and Accounting, Valuation and Analytics service areas. The Technology Risk ("TR") service area is comprised of professionals with a broad range of information technology and management consulting skills in the areas of Technology Risk and Compliance, Security and Privacy. The S&P service/solutions include:
- Security & Privacy Strategy and Management
- Security & Privacy Technology Integration
S&P Strategy and Management services help clients develop and implement enterprise strategies and programs for managing information and technology risks. We use proven, standards-based methodologies and frameworks, coupled with deep industry knowledge and experience to deliver practical, sustainable management advice, and efficient and effective operational solutions.
S&P Strategy and Management services focus on developing management strategies, technical and operational architectures; implementing management programs relating to enterprise security and privacy; identity and access management; data protection and data leakage prevention; operational and information technology resilience; technology infrastructure protection; compliance with security and data privacy laws and regulations as well as internal control requirements. Our professionals engage in delivery activities such as: current state assessments, gap analyses, strategic planning.
S&P Technology Integration services focus on the following: identity and access management solutions for vendor products such as Oracle, Sun, IBM, CA, Novell, etc.; integration of identity management systems; automated controls & continuous monitoring technologies (SAP GRC, ORACLE GRC, Approva, etc.); security, internal controls and data implementation for ERP applications (SAP, Oracle, PeopleSoft, Siebel, JD Edwards, etc.); content management solutions such as Vontu; data loss prevention, security event management and enterprise encryption solutions such as those offered by RSA; strong authentication solutions such as smartcards and biometrics; and proprietary technology risk and compliance solutions such as Risk Catalog. Our professionals engage in the following activities: software selection, technical design and architecture, database design, programming, application configuration, data analysis and cleansing, system and user acceptance testing, etc.
We are seeking Information Security professionals to join our Technology Risk Security & Privacy (S&P) service area to support our Federal government clients in meeting compliance, security and privacy requirements. Ideal candidates will possess the following required skills and qualifications:
Required Skills:
- Active TS/SCI with CI or Full Scope Polygraph required to support our Intelligence community client
- 10 years experience in Information Assurance/Information System Security Engineering
- 5 years of recent experience with Defense in Depth principles and technology including access/control, authorization, identification and authentication, public key infrastructure, network, and enterprise security architecture
- Excellent knowledge of FISMA, DITSCAP, DCID 6/3, NIST Special Publication 800 series with respect to certification and accreditations, system security plans, risk assessment, and security requirements and Solid understanding of the NSA Certification and Accreditation process (NISCAP)
- Technical experience and Business Development (Professional Services Experience) with at least three of the following IV&V, Ethical Hacking, Certification & Accreditation, Security Review and Assessments, Pen Testing, Privacy, and/or FISCAM
- Demonstrated experience applying security risks assessment methodology to system development, including threat model development, vulnerability assessments, and resulting security risk analysis
- One or more of the following certifications is required: CISSP, CEH, IAM/IEM, CISM, ISSEP
Desired Skills:
- BA/BS Degree in Business Administration, Computer Science, Engineering, Information Systems or a related field is highly desired
- Experience in conducting IT Project risk reviews and independent verification and validation
- Information governance, data classification, access definition and data protection skills
- Excellent written, oral communication and presentation skills.
Client Location: Fort Meade, MD
About DeloitteAs used in this document, “Deloitte” means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.Deloitte LLP and its subsidiaries are equal opportunity employers.
