Senior Security Policy Architect (Remote) at Changing Technologies Inc
North Carolina, North Carolina, USA
Full Time


Start Date

Immediate

Expiry Date

08 Nov, 25

Salary

102.0

Posted On

09 Aug, 25

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Access Control, Application Security, Network Security, IDS, Security, Firewalls, ISO, HIPAA, SIEM, Data Classification, QSA, Regulatory Compliance, Security Protocols, OWASP, Government Agencies, ISA, IPS, AWS, Research, Health Insurance, Cryptography, NIST

Industry

Information Technology/IT

Description

REQUIRED QUALIFICATIONS:

  • Progressive, advanced experience as an IT information security professional within an enterprise environment.
  • Detailed technical experience with network security, security protocols, access control, cryptography, application security, and data protection.
  • Extensive experience with data classification, handling, assessment, and enforcement.
  • Experience implementing and supporting systems within enterprise-class data center environments.
  • Advanced knowledge of regulatory compliance frameworks (OWASP, ISO, NIST, FISMA, PCI-DSS, HIPAA, etc.).
  • Experience developing and leading incident response plans.
  • Experience providing research and evidence in support of audits.
  • Experience consulting on information security solutions for a state or federal agency.
  • Detailed expert knowledge of NIST 800-53 and the NIST Cyber Security Framework (CSF) and performing risk assessments utilizing them.

PREFERRED QUALIFICATIONS:

  • CISSP certification.
  • Current or prior role as a PCI-DSS Qualified Security Assessor (QSA) or Internal Security Assessor (ISA).
  • Experience with AWS and/or Azure cloud environments.
  • Hands-on experience with security technologies such as firewalls, IDS/IPS, and SIEM.
  • Experience with IBM QRadar SIEM.

Job Types: Full-time, Contract
Pay: $102.00 per hour
Expected hours: 40 per week

Benefits:

  • Health insurance

Experience:

  • IT information security in an enterprise environment: 5 years (Required)
  • Network security, access control, and data protection: 5 years (Required)
  • Data classification, handling, and enforcement: 5 years (Required)
  • Supporting systems in enterprise data centers: 5 years (Required)
  • Regulatory compliance (NIST, ISO, PCI, HIPAA): 5 years (Required)
  • Leading risk assessments using NIST or ISO: 5 years (Required)
  • Providing research and evidence for audits: 3 years (Required)
  • Consulting on security for government agencies: 2 years (Required)
  • Risk assessments using NIST 800-53: 2 years (Required)
  • Risk assessments using the NIST CSF: 2 years (Required)
  • Compliance with NC DIT Security Manual: 2 years (Required)

License/Certification:

  • U.S. Citizenship or a Green Card (Required)
  • CISSP certification (Required)

Location:

  • North Carolina (Required)

Work Location: Remote

Responsibilities

ABOUT THE ROLE:

We are seeking a senior-level Information Security Architect for a long-term, remote contract position with a state government agency. In this expert-level role, you will be dedicated to developing a robust security program by creating and updating policies, standards, procedures, and processes.
As the Information Security Business Architect, you will specialize in industry-standard security, risk, and compliance frameworks to provide critical information security policy and program development. This is a key role in maturing the agency’s security posture.
Please note: This position will be remote until staff are required to return to the office, at which point the candidate will be required to work onsite. The candidate must be able to collect equipment in person from the NCDOT Century Center on the first day.

ESSENTIAL RESPONSIBILITIES:

  • Lead the creation and updating of the information security program, including related policies, standards, and procedures.
  • Develop and implement information security policies and standards.
  • Lead complex risk assessments using industry-standard frameworks like NIST and ISO.
  • Provide subject matter expertise on regulatory compliance requirements, including NIST, ISO, PCI-DSS, HIPAA, and IRS-1075.
  • Develop, lead, and execute information security incident response plans.
  • Provide detailed research and evidence in support of internal and external audits.
  • Consult on and architect information security solutions for a state government environment.
  • Perform risk assessments and drive compliance with state-wide information security manuals and frameworks (NIST 800-53, NIST CSF).