Address
Form of workJob Description
Job Description:
Pay Range 93hr - $97hr
Responsibilities:
Pay Range 93hr - $97hr
Responsibilities:
- Support the GRC operating model and the service-oriented customer engagement model.
- Support GRC capabilities, such as enterprise security risk management, compliance and audit management, policy management, security awareness training, third party risk management, and metrics and reporting.
- Assist to manage security compliance programs and activities that support various compliance regulations.
- Perform risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments (including downstream outsourcers) and other requests from the business.
- Collaborate with various operational and business teams to complete assessments and drive remediation items to closure.
- Maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders and leadership.
- Monitor the security risk profiles and events of our suppliers to objectively determine high risk suppliers that require additional review and treatment plans.
- Establish and maintain security metrics and reporting.
- Respond to customer security/compliance questionnaires.
- Act as security risk management ambassador to internal customers.
- Support the development of automation activities. Accountable for.
- The use of defined risk methodologies and best practices to perform IT/Security assessments. Responsible for the planning, scoping, tracking, and execution of these assessments.
- Driving remediation activities from identification, remediation plan and closure. Hold owners accountable to delivery of remediation solution within the agreed upon/reasonable SLA.
- Operations and improvements of security audit and compliance programs to support various compliance regulations.
- Operationalization of a metrics and reporting function to continually report on meaningful security, risk, and compliance metrics for operational and executive management.
- Support the automation of KRIs and KPI reporting that align with operational/business risk areas and corporate risk. Qualifications.
- Candidate must have 4+ years working in governance, risk, and compliance and/or information security and risk management.
- Functional knowledge of the CISSP security domains and information security industry standard and best practices.
- Functional knowledge of applicable security regulatory requirements (SOX, GDPR).
- Functional knowledge of ISMS governance models (i.e. ISO 27001, NIST, CAIQ), information security roles, security controls.
- Functional knowledge of common security certifications (i.e. ISO 27001, SOC1, SOC2, Web Trust) and ability to glean significance from findings identified in these reports.
- Ability to communicate risk methodologies and concepts to business units and IT teams.
- Demonstrated experience with controls definition, development, implementation, and assessment.
- Strong interpersonal skills and ability to work effectively with diverse and distributed teams.
- Strong attention to detail, project management and organizational skills.
- Self-starter with the ability to effectively manage independent workloads asynchronously with stakeholders across multiple time zones.
