Work Location:Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
Interview Type:Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
Short Description:
Contract resource with senior Information Security Analyst skillset, with focus on Identity and Access Management (I&AM), risk analysis, and information security policy, standards and procedure development.
Complete Description:
The Department of Transportation is seeking a short-term contractor to implement and maintain information security best practices within the NCDOT environment related to Identity and Access Management (I&AM) as well as other information security risk assessments, analysis and consultation for various IT systems. Identity and Access Management (I&AM) is responsible for designing, developing and supporting a suite of agency wide shared services that primarily focus on identity, authentication, authorization, request management, provisioning, and certification. The staff is part of the IT Information Security Office (ISO), with end-to-end responsibility for the agency-wide information security policy and standards. The candidate should be an information security analyst with extensive information security operational experience, that also understands enterprise architecture, policy, standards and procedure and can consult with support, implementation and architecture teams.
Responsibilities will include:
- Working with project & team managers and stakeholders to produce high quality and detailed identity and access management business requirements as they related to information security
- Develop and enforce policies for identity and access management (I&AM) team for claims based authentication
- Define the information security policy, standards and process/procedures as required for utilizing an identity management system including:Â role mining, attestation, account provisioning, cloud/federated access provisioning, and others.
- Develop security policies and procedures for Roles Based Access Controls in claims based architecture
- Develop security policies and procedures for claims based architecture for Active Directory and Sharepoint
- Actively participate in assessment, planning, architecture, and design activities
- Design, document, and implement security controls for Identity and Access Management
- BizTalk, UDDI, web services, and claims based authentication experience
- Design, document, and put security governance in place for external claims based authentication
The position will be responsible for documentation of security standards, security patterns, processes and procedures related to securing of web services and interoperability of all systems for the 3C and Data Services project. The individual will educate application development teams on those standards and processes from an information security perspective.
Questions:
|
Questions
|
Questions
|
Answers
|
|
Question 1
|
Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement?
|
|
|
Question 2
|
All work must be completed on site. Do you accept this requirement?
|
|
|
Question 3
|
Please list candidate’s email address HERE that will be used when submitting E-RTR.
|
|
|
Question 4
|
Please indicate how soon this candidate is available to start work. Vendors are encouraged to submit candidates that are available for the duration of the assignment.
|
|
|
Question 5
|
Vendor must disclose to the agency if the candidate will be subcontracted at the time of submission. Do you accept this requirement?
|
|
|
Question 6
|
Vendor must notify the agency if any portion of the requirements listed in this task order are to be outsourced to other countries. Do you accept this requirement?
|
|
|
Question 7
|
This role is not new to the Department. There has been someone working in the role in the past. However, this is a new requirement for those services and it is open for competition.
|