CJIS Security Consultant at The Evolvers Group

We are seeking a resource to conduct comprehensive audits of data systems including its infrastructure, policies and procedures, to assure: all data meets or exceeds federal Criminal Justice Information Services (CJIS) security guidelines; are Payment Card Industry (PCI) compliant; and meet or exceed current “best practices” regarding driver’s license and motor vehicle data security; and to serve as a Local Agency Security Officer (LASO) for DVS’s use of CJIS. 

Required Experience:

• Six years’ experience in a security architect or engineer role.
• Three years’ experience in network engineering, including firewall management.
• Four or more engagements, within the last ten (10) years, in a security architect or engineer role where the engagement was longer than three months each.
• Three years’ experience in CJIS and Real ID security environment.
• Three years’ experience in and documented IT Security in law enforcement background.
• Experience with the design and implementation of information systems, in organizations with more than 50 people, with an emphasis on data, network, and infrastructure security.
• Comprehensive knowledge of hardware, software, application, and systems engineering.
• Broad knowledge of database systems, web-based technologies, and network security.
• Systems thinking – the ability to see how parts interact with the whole (“big picture” thinking).
• Knowledge of IT governance and operations.

Required Certification:

• CJIS Certification completed and up-to-date.
• CISSP or GIAC certification completed and up-to-date.

Desired Experience:

• Interpersonal and leadership skills – servant leadership, collaboration, facilitation, and negotiation skills.
• Communication skills – both written and verbal.
• Ability to explain complex technical issues in a way that non-technical people may understand.
• Time management and prioritization.

Responsibilities:

• Identify who is using the CSA approved hardware, software, and firmware and ensure no unauthorized individuals or processes have access to the same.
• Identify and document how the equipment is connected to the state system.
• Ensure that personnel security screening procedures are being followed as stated in FBI CJIS Security Policy and the Client's policy
• Ensure the approved and appropriate security measures are in place and working as expected.
• Support policy compliance and ensure the CSA ISO is promptly informed of security incidents.
• Conduct an annual audit of CJIS compliance and track remediation efforts on any items found
• Maintaining CJIS compliant network architecture
• Properly vetting all individuals with access to DVS physical and logical resources through the access control systems and best IAM practices
• Properly vetting all software and hardware vendors for CJIS compliance
• Working closely with client to utilize enterprise resources when possible and involving client on all technical projects
• Active involvement in all data access requests that may contain CJI to ensure CJI is protected accordingly
• Work through vendor agreements to ensure all security requirements are met or exceeded