Full Time, Employee
This position is responsible for the implementation and success of the information technology (IT) Governance, Risk, and Controls (GRC) program, which will have a far-reaching impact on the culture and behavior of IT professionals. Responsible for the development and management of standard security programs, security documentation and risk management, including audit risk assessment, remediation and framework compliance using industry best practices.
Knowledge and understanding of how to implement and develop best practices for risk and audit programs to ensure compliance with NIST, ISO, COBIT and other standard security controls.
DUTIES AND RESPONSIBILITIES
Information Security System Security and Security Controls
- Develop and oversee the administration and content of security policies, federal documentation to include System Security Plan, Incident Response Plan and other standard security documentation following best
- Develop requirements for the ESO Governance, Risk and Compliance tool modules that will meet security best practices, automate manual work, and build
- Analyze control frameworks, federal requirements and security best practices to recommend mitigation for gaps in security controls for information
- Knowledge of system processes to coordinate responses and interviews with subject matter experts.
- Knowledge of the security program to be able to respond at a high level to policies, controls, BCP/DR, Incident Response, risk, overall security practices and
- Assist in the development of an Audit process to include coordination of resources, evidence/artifacts, remediation processes and ensure processes are automated (using GRC tool) and improve efficiency and
- Provide executive reports and dashboards on security processes and programs as
- Participate in audit coordination, review, documentation, evidence and
- Provide input to Information Security Policies that adhere to state and federal
- Perform tasks related to the deployment and management of the installation for risk
- Develop policy and program for IT risk management that adheres to NIST 800-53 and industry best
- Challenge the status quo and recommend process
- Drive governance around risk management (i.e. ensure organizational frequencies of risk assessment and
- Develop risk, governance and control compliance modules in the RSAM Governance, Risk and Compliance (GRC) tool
Analysis and Documentation
- Provide guidance on the controls necessary to protect sensitive data and achieve regulatory compliance.
- Provide documentation, including procedures, for security processes and programs under you
- Provide documentation including procedures for risk management (IT)
- Analyze processes and provide recommendations for
- Coordinate quality control
EDUCATION AND EXPERIENCE
Minimum qualifications: Bachelor’s degree in computer science, five or more years of information security work experience, or the equivalent combination of skills, experience and/or certifications.
- Demonstrated ability to challenge the status quo, identify issues, and provide viable suggestions to
- Proven excellent writing skills, including the ability to proofread for proper language and grammar, and editorial
- Effective skills with time management, organization and
- Possess a high level of integrity and
- Strong attention to
- Ability to analyze complex information (e.g. probe, examine, and scrutinize).
- Required to obtain relevant security certification(s) within the first two years of