Vacancy expired!
- Tracking and monitoring Security & Compliance, Risk Management and Service Improvement projects as part of the Information Security Management System (ISMS) program
- Oversee ISMS regarding implementation, strategy, and regular maintenance. Conduct third-party risk assessments as part of the contract approval process, and the ongoing management of any risk mitigation measures
- Continually improve the quality of Security, Risk Management, and Service Improvement Projects through the use of Metrics and Key Risk Indicators (KRIs).
- Ensure required documentation is completed to support the California Consumer Privacy Act (CCPA), and other Information Security Controls.
- Participate in formal security risk analysis and technical assessment programs for various cybersecurity compliance initiatives and processes.
- Identify internal control standard methodologies and promote their adoption across the enterprise.
- Identify and raise awareness of potential risks, while proposing mitigation strategies.
- Promptly raise any high level or substantive risk or assessment findings with the appropriate responsible party in line with policies and processes. This includes issues with potential impact on company revenue, security compliance, customer asset loss, and any cross-functional impact.
- Responsibility for execution of security governance, risk, and compliance objectives by ensuring compliance with the security policies related to risk management, customer security requirements, and information protection as assigned by the direct supervisor.
- Monitor and direct resolution to ensure solution design meets standard architecture considerations and approvals: standard database structures, code standards, common components and reusable programs, security and performance levels, system interfaces and dependencies.
- Explore new processes and tools/systems which will improve metric tracking, ensure efficient processes and increase knowledge sharing with the collaboration of internal stakeholders.
- Create metrics and analyze progress of initiatives, prepare solutions, and document Key Risk Indicators (KRIs).
- Other duties as assigned by the management.
- Bachelor's Degree in Business, Information Technology or other related fields. In lieu of degree, 4+ years of experience.
- Ability to interface with all levels within the organization and provide input to facilitate decisions.
- Experience in supporting CCPA requirements or experience with GDPR
- Proficiency with MS Office products including some or all of the following Word, Excel, Access, PowerPoint, Outlook and Visio.
- Knowledgeable in Information Security & Compliance controls and standards (ISO 27001, HITRUST, HIPAA, PCI-DSS, etc.)
- Experience in implementing an ISMS program from the ground up
- Working experience with GRC tools such as OneTrust, RSA Archer, LogicGate, etc.
- Knowledge of the California Consumer Privacy Act (CCPA)
- Analyst, Information Security specializing in Cybersecurity Risk Management:
- Knowledge of the HITRUST framework and General Data Protection Regulation (GDPR)
- Possesses one or more of the following certifications: Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Security+, Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP), or Factor Analysis of Information Risk (FAIR)