If anyone has what is being asked for, or knows of someone who does, please send me the résumé by email at [email protected]

ITO_US_2010_GIS_Comp_Mgmt_002
This person must be advanced in their skills and abilities in dealing with risk management and compliance practices relative to networking solutions.
Persons in this function contribute their experience to engineers and solution designers who need guidance with security and compliance (ex: regulatory, PCI, etc.).
Prior security compliance and/or risk management experience is necessary.
The person in this role will be involved in our Global Compliance Management System functions and will provide subject matter expertise in the management of the content for network/virtualization security policies and control standards.

Network & Virtualization Function Tasks

  • Assess network solutions against security controls & standards and identify risks and/or non-compliance to standards.
    1. Ability to review the networks of acquisitions (businesses acquired by HPES and new clients for whom HPES delivers services) for compatibility with our existing network.
    2. Ability to assess risks associated with such acquisitions and then make recommendations (mitigation opportunities, etc.).
  • Evaluate network systems Implementation Procedures for compliance to control standards.
    1. Ability to connect network-related security policies and standards to the steps required for implementation.
    2. Ability to develop and communicate requirements to delivery teams for how network elements are to be implemented.
  • Identify and articulate counter-measures to mitigate risk and bring solution designs into compliance to security control standards.
    1. Ability to find and articulate to the engineers or solution designer mitigation techniques which can be used to enable business, yet maintain security controls.
  • Provide advice and counsel on conditional alternatives for achieving expected security controls.
    1. Similar to that above. However, must be able to convey this information in a non-technical sense to clients and/or account managers.
  • Deal Support
    1. Ability to work with Sales Support Center as new deals are developed and/or Requests For Proposal are completed.

  • Assess deviation requests against control standards to evaluate risks as well as to evaluate any compensating controls for effectiveness.
    1. Ability to work with delivery teams in the field as they encounter business and/or technical reasons to deviate from expected network control requirements. This requires the ability to link business and technical conditions.

ITO_US_2010_GIS_Comp_Mgmt_004
This person must be advanced in their skills and abilities in dealing with implementations of infrastructure solutions and tools. This currently requires dealing with vendor supplied products (CA ePC and Symantec ESM agents) and then linking those agents to HPES database and GUI solutions.
Persons in this function must be good problem solvers, since they work closely with the systems administrators and network delivery teams to ensure that the agent-generated data is routed successfully to the collection systems (database and GUI interface).
Prior security compliance and/or risk management experience is necessary (ex: regulatory, PCI, etc.) so as to be able to relate the tested configuration controls to such audit or regulatory control requirements.
The person in this role will be involved in our Global Compliance Management System functions and will provide subject matter expertise in relating the tested configuration controls to server-related security policies and control standards.

ePC/PCM & ESM/VSM

  • Implementation of new clients into ePC/PCM and/or ESM/VSM server security configuration scanning solutions.
    1. Ability to direct systems and security administrators in the use of the vendors’ agents.
    2. Ability to work with the infrastructure as designed.
    3. Ability to contribute to the modification (design & implementation) of the infrastructure as we migrate from vendor agents to internal HP solutions/tools.
  • Diagnose and resolve connectivity issues in routing ePC or ESM outfiles from client server networks to central reporting console.
    1. Ability to understand the problems encountered by systems and security administrators in the implementation of vendor agents.
    2. Ability to guide administrators and network delivery teams in resolving issues with routing agent-created output back to database and reporting consoles.
  • Create/test parsing routines - to filter and interpret data from ePC to PCM dashboard and ESM to VSM dashboard.
    1. Ability to code the routines which convert the raw data generated by the agents into data which is usable by the reporting tools.
    2. Availability to test such routines at various times (can include after hours or weekends).

  • Implement VSM in other regions (AMS & APJ).
    1. Ability to work with technical teams (administrators) in other regions to deploy the reporting solution used for ESM data (this is called VSM).
    2. Availability to conduct this work in line with the times required from these other regions.

Server Compliance Function Tasks
This person must be advanced in their skills and abilities in dealing with server configuration security controls. This requires dealing directly with auditors in such a way as to credibly challenge the auditors’ opinions regarding the security controls used in managing server configurations.
Persons in this function must be good at describing compensating/mitigating controls so as to convince auditors against writing up audit issues in their reports.
Prior security compliance and/or risk management experience is necessary (ex: regulatory, PCI, etc.) so as to be able to relate the tested configuration controls to such audit or regulatory control requirements.
The person in this role will be involved in our Global Compliance Management System functions and will provide subject matter expertise in relating the tested configuration controls to server-related security policies and control standards.


  • Evaluate operating system Implementation Procedures for compliance to control standards.
    1. Ability to articulate the procedures to be used in implementing the controls required by server-related security policies and standards.
    2. Ability to maintain regular working relationships with the Operating Systems Capability Teams (ex. Windows, Unix, Mainframe, etc.) so as to provide those teams with the counsel and advice regarding security control techniques.
  • Map Implementation Procedures to Security Control Standards and to Technology Baselines.
    1. Strong understanding of HPES ESIS and ability to navigate across Policies/Standards > Implementation Procedures > Assessment Procedures and then provide Subject Matter Expertise on the various Technology Baselines published.
    2. Ability to evaluate a Risk Management Program’s requirements and determine the correct balance between cost and risk. Provide recommendations as input into determining what are acceptable levels of risk.
      1. This requires an advanced skill level in risk management & compliance principles.
  • Train SAs on Control Standards and Implementation Procedures.
    1. Ability to train experienced administrators in such a way as to be very credible and convincing as to their need to maintain security and compliance.
  • Train SAs on Compliance Program and Processes.
    1. Strong knowledge of the program, process and tools used to achieve compliance. Ability to teach. Ability to articulate the value of the compliance program.


ITO_US_2010_GIS_Comp_Mgmt_006

This person must be advanced in their skills and abilities in dealing with risk management and compliance practices.
Prior audit and/or risk management experience is necessary.
This person will be providing training and guidance and will oversee the work performed by a wide range of ITO personnel.
Wide range = From experienced audit coordinators to new compliance assessors.
The person in this role will be involved in our Global Compliance Management System functions.

GCMS function tasks

  • Create/maintain compliance assessment procedures relative to specific technologies.
    1. Ability to create and maintain process and procedure level documentation focused on technology controls.
    2. These are used globally by the delivery teams when required to perform compliance assessments (defines what is required to prove compliance). These include detailed technology-based steps to be performed when collecting evidence. Examples: Windows, UNIX, Mainframe (& ACF2, RACF).
  • Where applicable, maintain General Controls Review assessment procedures.
    1. Ability to create and maintain process and procedure level documentation focused on general controls.
    2. Procedures (like those above) that are not as specific to any particular technology. For example, Business Continuity and Disaster Recovery Plans, Tape Handling controls, Monitoring Operations, etc.
  • Advise audit and compliance coordinators in the field.
    1. Requires mature skill level in risk management & compliance principles.
      1. Ability to train & guide audit coordinators around the globe in these principles as well as train them in the use/performance of our compliance management tools and processes.
      2. Ability to support the audit coordinators when it is necessary to argue against auditors. The purpose is to change or correct auditors’ perceptions of HPES controls and to prevent audit findings.
  • Assess quality of evidence, compliance to process.
    1. Ensure the delivery teams (compliance Assessors) and the people who validate compliance assessment evidence (Verifiers = Audit Coordinators) are correctly executing the Global Compliance Management System. “Complying to the Compliance Process”.
    2. Ability to counsel/correct the assessors/verifiers if there are problems in execution of the global process.
    3. Assist Audit Coordinators in review of Management Responses created for inclusion in client audit reports. Specifically, when managers have problems creating good quality responses to audit issues, this person must be able to help the manager focus the response to the actions and timeframes that will correct the non-compliance detected by the auditor.
  • Manage vendor product “Archer Smart Suite Framework” (This is the product in which we run what is called the Enterprise Security Information System (ESIS). ESIS contains our Enterprise Security Policies and Standards (ESPS) and the GCMS tool.)
    1. Content management.
    2. Define access controls (groups, etc.), onboarding/enabling new users.
    3. Support of software upgrades (test, model office, production).
    4. Respond to users’ inquiries for help with the tool.
    5. Possible programming responsibility for the functionality and features supported by the GCMS portion of the system.
    6. Ability to contribute to the conversion of our current highly customized solution to a simpler solution (one that uses more of the standard features and functionality found in the vendor’s product).

Thanks!!