MAIL RESUMES TO: t...@vstconsulting.com

 

 

Location:                                Wilmington DE

Duration:                                6-12 Months

 

Position Title:       Information Security - Application Risk Assessor

 

 

Department: Information Security

Reports To: Director - Information Risk Management

 

Position Summary:

This role will be responsible for developing detailed requirements and
design review for applications developed internally and externally to
support a new Mobile Payments Product.  These applications include web,
Java, and middleware code in support of customer- and partner-facing
interfaces.  This role includes developing a detailed understanding of
related existing applications and environment.  This individual should have
business acumen and a detailed understanding of the software development
lifecycle.  This individual will be primarily interfacing with the Mercury
Security Lead to provide project status and escalation.  This individual will
work with application development team leads to ensure application security is
aligned with policy, security best practices and business needs.

 

Essential Functions:

Experience and knowledge in a corporate environment with the following:

* Application development standards

* Penetration testing tools including Snort, Nessus, WebInspect,
  application fuzzers, etc.

* Information classification methods

* Experience with FFIEC, ISO 17799 and NIST risk management

* Principles of development of baselines and their relationship to
  risk-based assessments of control requirements

* Life-cycle-based risk management principles and practices

* Threats, vulnerabilities and exposures associated with
  confidentiality, integrity and availability of information resources

* Recommendation of appropriate user access controls, reporting and
  logging of each application

* Quantitative and qualitative methods used to determine
  sensitivity and criticality of information resources and the impact of
  adverse events

* Gap analysis to assess generally accepted standards of good
  practice for information security management against current state

* Risk mitigation strategies used in defining security requirements
  for information resources supporting business applications

* Cost-benefit analysis techniques in assessing options for
  mitigating risks, threats and exposures to acceptable levels

* Managing and reporting status of identified risks

* Project management experience

 

Other Responsibilities:

* Performs other work-related duties as assigned

 

 

Knowledge, Skills, Education, Experience, and Competencies:

* Bachelor's degree in Computer Science, Information Technology or related
  field required.

* Information security or IT audit experience

* Detailed understanding of the operations and security for Global
  Platform 2.2 preferred

* Detailed understanding of the operations and security of RFID and/or EMV
  preferred

* Detailed understanding of the threats and associated mitigation for
  mobile web applications preferred

* Knowledge of regulatory requirements, security standards and
  compliance issues (FFIEC guidelines, Sarbanes-Oxley, GLBA, ISO 17799, CobiT
  v4.0, and Payment Card Industry Data Security Standard (PCI DSS)).

* Experience with root cause analysis, risk mitigation, security
  assessments, analysis of security threats, trends and architecture
  preferred.

* In addition to security, proficient in other IT control areas (i.e.,
  change management, SDLC, Operations).

* Strong project management (and time management) skills required.
  Ability to work on numerous projects/activities simultaneously.

* Strong written and verbal communication, coordination and
  organizational skills required.

* Proven interpersonal skills and ability to take a leadership role.
  The ability to communicate with management and peers to build and sustain
  cohesive relationships.

* Superior attention to detail.

* Able to work well with and communicate effectively with all levels
  within the IT organization.

* Able to quickly grasp the big picture, yet remain focused on
  coordinating tasks at the detailed level

 

The above statements reflect the general details considered necessary to
decide the principal functions of the job identified, and shall not be
construed as a detailed description of all work requirements, which may be
inherent in the job.  

 

 

Thanks & Regards 

Tina | VST Consulting, Inc.

Email: t...@vstconsulting.com

Yahoo ID: tina.1623 |Gtalk: tina1623

Ph : 732-404-0025 Ext : 117

 

 

 
