CJIS Security Consultant at The Evolvers Group
St. Paul, MN
About the Job
We are seeking a resource to conduct comprehensive audits of data systems including its infrastructure, policies and procedures, to assure: all data meets or exceeds federal Criminal Justice Information Services (CJIS) security guidelines; are Payment Card Industry (PCI) compliant; and meet or exceed current “best practices” regarding driver’s license and motor vehicle data security; and to serve as a Local Agency Security Officer (LASO) for DVS’s use of CJIS.
Required Experience:
- Six years’ experience in a security architect or engineer role.
- Three years’ experience in network engineering, including firewall management.
- Four or more engagements, within the last ten (10) years, in a security architect or engineer role where the engagement was longer than three months each.
- Three years’ experience in CJIS and Real ID security environment.
- Three years’ experience in and documented IT Security in law enforcement background.
- Experience with the design and implementation of information systems, in organizations with more than 50 people, with an emphasis on data, network, and infrastructure security.
- Comprehensive knowledge of hardware, software, application, and systems engineering.
- Broad knowledge of database systems, web-based technologies, and network security.
- Systems thinking – the ability to see how parts interact with the whole (“big picture” thinking).
- Knowledge of IT governance and operations.
Required Certification:
- CJIS Certification completed and up-to-date.
- CISSP or GIAC certification completed and up-to-date.
Desired Experience:
- Interpersonal and leadership skills – servant leadership, collaboration, facilitation, and negotiation skills.
- Communication skills – both written and verbal.
- Ability to explain complex technical issues in a way that non-technical people may understand.
- Time management and prioritization.
Responsibilities:
- Identify who is using the CSA approved hardware, software, and firmware and ensure no unauthorized individuals or processes have access to the same.
- Identify and document how the equipment is connected to the state system.
- Ensure that personnel security screening procedures are being followed as stated in FBI CJIS Security Policy and the Client's policy
- Ensure the approved and appropriate security measures are in place and working as expected.
- Support policy compliance and ensure the CSA ISO is promptly informed of security incidents.
- Conduct an annual audit of CJIS compliance and track remediation efforts on any items found
- Maintaining CJIS compliant network architecture
- Properly vetting all individuals with access to DVS physical and logical resources through the access control systems and best IAM practices
- Properly vetting all software and hardware vendors for CJIS compliance
- Working closely with client to utilize enterprise resources when possible and involving client on all technical projects
- Active involvement in all data access requests that may contain CJI to ensure CJI is protected accordingly
- Work through vendor agreements to ensure all security requirements are met or exceeded