POSITION PURPOSE : The Sr. Security Specialist is responsible for completing a high-level risk assessment of the environment from an information security perspective. Using the ISO27001 (combined with elements of the NIST 800-53A) as a standard, the specialist will interview key personnel to attain alignment, both in policy and in practice. Once complete, the final deliverable is gap assessment and roadmap to be reviewed and approved by the customer. ESSENTIAL DUTIES AND RESPONSIBILITIES : Understand contractual requirements with assigned customers Deliver customer security solutions Understand, communicate and administer established IT security policy Assist solution design teams on technical specific security requirements Contribute on a proactive basis to trend analysis and policy development Review and approve change management and new customer requests from a security and risk management perspective Second Level support for security related end user problems Perform security trend and technology related research as necessary Implement vulnerability, detection and protection security systems OTHER DUTIES AND RESPONSIBILITIES : Implement security audit gaps results into the build and implementation project phase Define and realize plans concerning technical content and innovation in such way that will contribute adequately to the realization of Security Management client goals Assist in internal and external security audits Review and when needed improve the Security Management process QUALIFICATIONS : Relevant security certifications are desirable but not mandatory, such as CISSP, CISM or CISA. Bachelor's Degree with a focus in Information Systems / Computer Science / Information Security or higher. Minimum 5 years of working experience in systems engineering on a specific OS (AIX, Linux or Microsoft Windows) or storage infrastructure, 3 years in Information Security experience with a focus of Security Management Strong understanding for various IT security standards and practical experience implementing it within the IT framework of an organization Strong understanding and practical experience of multiple compliance frameworks like PCI. ISO 27001, ISAE3402, COBIT, ITIL, and SOX also helpful. Excellent knowledge in access management/controls and have working experience in implementing it by applying a model and/or using a tool or system Competent in security strategies and technologies including operating systems security, secure network, web and database services, penetration testing, access control, system monitoring and cryptography. Experienced at implementing or managing risk management/methodology, processes and tools. Ability to evaluate enterprise-wide impacts and make recommendations to approach issues and mitigate potential risks to an acceptable level Experienced with solving complex technical security issues through design of security controls within a development lifecycle, provide recommendations to operational processes in service delivery, etc. Experienced in handling challenging security incidents and participation in audit demands, communicate with internal & external customers management Excellent interpersonal, verbal and written communication skills Excellent analytical thinking and stakeholder engagement skills Strong organizational and planning skills EDUCATION : Completion of a Bachelor’s degree with course work in computer science, or equivalent work experience. Send your resumes to sandeep@finezi.com OR contact me at 510-984-2280. Contact Details Sandeep Abbimane Finezi Inc Email id : sandeep@finezi.com Phone number - 510-984-2280.