Estimated Length: 12 months 37.50 hours per week
This position is responsible for supporting and maintaining a Cybersecurity risk and compliance program and strategy that monitors adherence to cybersecurity security requirements and drives remediation of unacceptable risks.
Desired knowledge, skills, and abilities include extensive knowledge of information risk concepts and security controls. The ability to evaluate and interpret the risk implications of non-compliance or changes to compliance requirements. Strong organization skills and attention to detail with the ability to tackle competing priorities. Strong verbal and written communication skills used to convey to both non-technical business owners and technology personnel. Experience with COSO, PCI, HIPAA, ISO 27000 series or other risk control frameworks. There is a preference for prior hands-on technical experience and one or more relevant certifications: CISSP, CISA, CIPP and/or technical IT security credentials. Must have Working knowledge of general technology and security concepts. The responsibilities Include:
• Support the Client in implementing, maintaining, and supporting an IT Risk and Compliance Program that is consistent with defined risk strategy, framework and processes.
Support PCI compliance engagements across the enterprise.
Monitor security violations and follow remediation efforts. This responsibility includes escalating significant risk exposures, identifying root causes, providing guidance regarding resolution and coordinating approval of risk acceptance (policy exceptions).
Deep understanding of security principles, policies and industry best practices
Knowledge of FISMA, NIST, DISA, ISO 17799, PCI, GLBA and HIPAA a plus
Provide routine risk profiles with actionable metrics and ensure periodic testing to monitor adherence to policies and procedures.
Coordinate responses to internal client Departments, and other stakeholders and react to adhoc compliance requests.
Assist with the implementation and management of risk assessment technologies for identifying risk and compliance as well as ensuring they are providing accurate and meaningful metrics
Work collaboratively with others within and outside of function to achieve goals, reduce costs and to ensure that work is completed accurately and on time.
Monitor changes in the cybersecurity risk and compliance landscape and advise on necessary modifications to security controls and processes.
Assist with revising cybersecurity policies and standards as well as their alignment of general technology policies with security requirements.
Assist with the development and/or ensure adherence to policy approval and publishing workflow
Enforce the routine review of policies, standards and associated procedures to ensure current, appropriately approved and communicated documentation
Research and advise management on relevant laws, regulations, and policies and procedures as well as significant changes that may impact security posture. Assist with the development of information security awareness campaigns that targets both end users and specialized audiences (i.e., PCI/HIPAA managers)
Additional Skills and Information:
Experience with Governance Risk and Compliance tools
Strong analytical skills to develop and maintain various risk registers