Specifications include, but are not limited to: The purpose of this RFP is to procure and implement the services of a virtual Information Security Officer (vISO) and managed security services, including email, phone, and on-site support. The vISO will proactively collaborate with business units to develop and implement an Information Security Management Program, including policies and procedures, which meet the defined standards for information security and cyber security strategy. The effort will include collaboration, advisory, and hands-on security implementation efforts. WaterOne desires a candidate with a combination of technical and interpersonal skills. The vISO services will consist of executive-level consulting and information security expertise, akin to that which would be provided by a full-time, in-house Information Security Officer. The primary goals and objectives of the development of an Information Security Program are to: 1. Evaluate and provide guidance for direction of WaterOne’s Information Security Program 2. Itemize, catalogue, evaluate and, as necessary, develop WaterOne’s Information Security Policies and Procedures 3. Identify, itemize, and categorize WaterOne’s security information assets 4. Identify and confirm WaterOne’s vulnerabilities to information systems from internal and external threats 5. Identify and confirm WaterOne’s vulnerabilities to information systems from internal and external threats by auditing the current architectures and system configurations 6. Itemize, quantify, and rank WaterOne’s information security risks, based upon the potential impacts to the organization 7. Minimize or eliminate business risks and exposures by identifying short-term and long-term options and solutions for remediation of identified vulnerabilities 8. Determine the appropriate approach to develop or improve on existing Information Security Program 9. Recognize solutions to risks, vulnerabilities, and/or threats
