Company Description
Founded in 2017 Perfecta is a division and a wholly owned subsidiary of City National Security a well known and reputed company providing IT Consulting , Staffing and Security services throughout the United States. Perfecta brings a rich experience of over 12 years in providing fully scaled IT Consulting and Staffing & Recruiting services. Perfecta brings a successful track record of delivering value based quality professional solutions at economical price to its customers across the U.S. Perfecta has successfully executed various IT and Staffing projects with its government and commercial clients and has consistently provided quality services to its customers.
Job Description
Part I. General Information
Under this Statement of Work (SOW), the Contractor shall analyze, recommend, create working documentation, guidelines, policies, standards, instructional procedures, and conduct assessments to support the implementation of the following:
• PERS Information Security Awareness and Training Program
• PERS Information Security Program
• Reorganization and alignment of PERS Information Security policies, standards, and procedures
Part II. Work
The Contractor shall comply with OPERS contractual deliverable review and approval processes by working with OPERS Quality Assurance in utilizing the Quality Checkpoint process attached to this SOW as Attachment 1. Quality Checkpoint is a Quality Assurance process to verify that major deliverables in the project have been reviewed and approved by their respective stakeholders.
PERS Information Security Awareness and Training Program
Contractor shall assist OPERS’ CISO in the creation, documentation, and implementation of a structured Information Security Awareness and Training Program. Contractor shall work with OPERS to plan, document and implement solutions to fit the needs of OPERS. Tasks to support OPERS’ Information Security Awareness and Training Program include, but not limited to:
1. Define activities to be performed to enable and implement the Security Awareness and Training Program
2. Research and document materials needed to implement the program
3. Research and document delivery methods and related activities to implement the program
4. Research, obtain stakeholder buy-in, and document a regularly occurring schedule of activities.
5. Develop content for PERS specific, role based training for data/system owners/custodians.
6. Develop content, produce materials for PERS specific training for staff.
7. Deliver Security, Awareness and Training materials, presentations, etc. to targeted audiences
Reorganization of PERS Information Security policy structure
In the first phase of policy, standard, procedure creation, emphasis was placed on creating required policy documentation to address HPE findings. In this second phase, the emphasis is to consolidate and reorganize the policy structure, resulting in fewer policies, and more specific requirements, based on security domains:
1. Identify and convert redundant policies to standards as appropriate
2. Align policy structure to NIST CSF domains
3. Address gaps by creating policies, standards, and procedures as identified and needed.
Implementation of PERS Information Security Program
Initialize and implement operation of Information Security program:
1. Conduct Third Party and Software Development Information Security assessments
2. Initialize policy exception requesting, approval, denial, and risk acceptance process.
Part III. Special Considerations
Contractor acknowledges and agrees that any and all information regarding OPERS installation, design, configuration, data migration will be kept confidential.
Part IV. Travel and Other Expenses
OPERS shall not reimburse Contractor for any expenses under this Contract. Work must be completed on-site, Tigard, OR
Additional Information
All your information will be kept confidential according to EEO guidelines.
Tigard OR United States