Vacancy expired!
- Performing mid and large IT and information security risk and compliance assessments, PCI engagements, audits, gap analyses, and remediation
- Actively lead projects in the areas of PCI-DSS, PA-DSS, HITRUST, and ISO 27001.
- Communicating with project stakeholders to effectively convey requirements of technical and process improvements
- Develop customized policies, procedures and controls, disaster recovery plans and technical documentation for applications, systems and infrastructure.
- Possess an in-depth knowledge of IT security and various frameworks (e.g. COBIT, NIST, ISO, etc.)
- Experience in managing Policy exceptions, including working directly with the teams to document exceptions, identify compensating controls and remediation action plans.
- 5+ years of experience in the information security, enterprise risk or compliance field.
- At least one other Security, Risk or IT certification (i.e. CRISC, CISA, CISSP, or ISO 27001) achieved or in process.
- Bachelor's Degree from an accredited 4 year university.
- Strong background within these disciplines:
  - Compliance: regulatory, privacy, international laws and statutory requirements.
  - Risk: risk frameworks, enterprise risk methodologies, and IT Security risk methodologies.
  - Governance: maturity models, vendor management, policy frameworks, control design and security design/architecture.
  - Security architecture: infrastructure, network and systems design.
- Knowledge of and hands-on experience with PCI, FEDRAMP, SOC2, and ISO 27001.
- Communicate effectively across business and technical boundaries.
- Work independently without detailed guidance.
- Be proficient in writing executive level reports and technical documentation.
- Client facing
- Risk assessments
- Compliance assessments
- GRC Consulting
- Policy and controls planning/strategy
- Data privacy and security consulting
- Internal/external network vulnerability assessments
- Penetration testing