Risk Assessor

The qualified candidate will join a team that is responsible for the assessment of information systems that are supported by multiple operating systems, databases, and software development technologies.

TAX seeks an experienced risk assessor in Richmond, VA. The candidate will assist agency personnel in performing risk assessments in accordance with Commonwealth and Agency procedures as well as identify opportunities for improvement. The underlying information infrastructure includes Linux, UNIX, and Windows operating systems;
Oracle and Microsoft SQL Server databases, and multiple software development languages that include Power Builder, Java, .NET, etc. to name a few.

The IT Risk Assessor is responsible for assisting with meeting security and compliance requirements per state and federal standards. The risk assessor will review information system security controls and evaluate their efficacy in mitigating associated risk. The risk assessor will work closely with system owners, data owners, and system administrators to conduct interviews and review technical information. The assessor will provide an executive summary of the assessment along with a completed VITA Risk Assessment Template for each system evaluated.

An information system security risk assessment should also be performed in compliance with SEC
501.09 and SEC
520.00 using the risk assessment template: ((Use the "Apply for this Job" box below).).

• Appeals and Rulings
• FACSYS
• Fraud Identity Theft
• TAXi (SharePoint)
• Teleplan
• eFile
• Keylight
• Remit
• Report Manager

• Assist with meeting security and compliance requirements per state and federal standards.
• Review information system security controls and evaluate their efficacy in mitigating associated risk.
• Work closely with system owners, data owners, and system administrators to conduct interviews and review technical information.
• Provide an executive summary of the assessment along with a completed VITA Risk Assessment Template for each system evaluated.
• Ensure assessments are performed in compliance with SEC
  501.09 and SEC
  520.00.

• 2+ years of experience conducting IT risk assessments.
• Strong knowledge of analyzing system security controls implementation and efficacy.
• Experience working as a member of a core team and independently with minimal supervision.
• Strong attention to detail and effective written and verbal communication skills.
• Experience creating technical documentation and reports.
• Knowledge of SEC
  501 security standard.
• Knowledge of IRS Pub 1075 and CIS benchmarks.
• Familiarity with technologies such as Java, .NET, Windows, Linux, UNIX, MS SQL, and Oracle.

• Vulnerability scanning and analysis.
• Intrusion Detection/Prevention System (IPS/IDS).
• Security Event Logging.
• Firewalls and other network security technologies.

• Ability to lift no more than 50 lbs.

All your information will be kept confidential according to EEO guidelines.