Develop and maintain a comprehensive security architecture framework to support the strategic goals of the company.
Design, build, test, and implement security systems within an enterprise architecture.
Define, implement, and maintain corporate security policies and procedures.
Integrate security considerations into IT project deployments and business processes.
Evaluate and recommend new and emerging security products and technologies.
Conduct security assessments of internal systems, networks, and new technologies.
Review change management & approve CRs.
Act as single point of contact for review and change management.
Align with internal team in regulations requirements and change management.
The successful consultant will:
Facilitate a systematic and comprehensive self-assessment of cybersecurity maturity based on the NIST Framework and PCI-DSS standards.
Working with the internal team, identify best practices and execute a process for systematic review of all required areas including but not limited to:
Review current and proposed system architectural designs to validate the approach.
Identify any gaps and recommend adjustments.
Provide hardware and software recommendations.
Provide guidance, to include examples of but not limited to, technical policies to ensure compliance with required controls, such as Access Control, Configuration Management, Identification and Authentication, Media Protection, etc.
Review existing policies and practices for physical and logical access control and make recommendations.
Provide guidance to administrative policies necessary to ensure compliance with required controls such as risk assessment, etc.
Review existing administrative policies and practices and make recommendations.
Guide development of System Security Plans (SSP) and Plan of Action and Milestones (POAM). Provide models of SSPs and POAMs that can be adapted for use.
Assist and consult in developing a zero-trust architecture.
