Job Description

Job Type: Contract

Contract length: 10 Months

Position Summary:

• The Threat Compliance & Governance Specialist assist with the development and maintenance of detailed information security procedures, processes, operational baselines, and operating standards.
• Candidates in this position interact closely with personnel from the Security Engineering Teams, the Threat Operations team and various other Information Security and Information Technology Teams to assist with ongoing audit assessments.
• Candidates work with technical staff to define and document processes and operational standards to ensure that security expectations are met.
• The position reports into the Threat Management Leadership team and will support three teams consisting of two specific functions: security engineering / administration and threat operations / incident response.

Position Accountabilities

• Accountabilities will include but are not be limited to coordinating audit response, providing audit evidence, developing process documentation and standard operating procedures to support regulatory expectations.
• Drive communications and manage scheduling to ensure necessary reporting and evidence is delivered as expected in a timely manner.
• Create and maintain audit calendars and coordinate with impacted teams and technical staff members.
• Provide consistent reporting into the office of Enterprise Threat Management on compliance readiness and governance health.

Essential Functions

• Research industry compliance regulations and policies for CMS Acceptable Risk Safeguards and NIST 800-53 Requirements.
• Evaluate internal operational and procedural compliance to industry standard for validation of current controls.
• Analyze and update existing compliance policies and related documentation.
• Communicates compliance policies and guidelines to Management and designated departments internally to ensure cohesion and delivery.
• Develops and executing new compliance policies and procedures as required.
• Develops and maintains a compliance recordkeeping system and repository for evidence request.
• Maintains communication with compliance regulators and follows up on application inventory for full coverage and compliance status
• Experience in analyzing and documenting data on technical security solutions
• Develop memorandums, reports, project plans, performance work statements and briefings as directed.
• Additional duties as may be assigned.

Additional Qualifications

• Foundational knowledge of information risk concepts and principles and impact
• Foundational knowledge of HIPAA, HITRUST, Center for Medicaid and Medicare Services (CMS) Acceptable Risk Safeguards (ARS), NIST, or other security controls framework and the ability to assess the effectiveness of controls.
• Ability to effectively facilitate knowledge sharing, conflict resolution, open discussion, and display the appropriate level of assertiveness.
• Knowledge of audit and assessment activities and processes.
• Proven ability to work under stress in emergencies with flexibility to handle multiple high-pressure situations simultaneously.
• Ability to interpret and communicate highly complex technical information clearly and articulately for all levels and audiences.
• Ability to manage tasks independently and take ownership of responsibilities
• Ability to learn from mistakes and apply constructive feedback to improve performance
• Strong customer focus with ability to manage customer expectations and experience and build long-term relationships.
• Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles including vendors and IT-business personnel.
• Ability to adapt to a rapidly changing environment
• High critical thinking skills to evaluate alternatives and present solutions that are consistent with business objectives and strategy.
• Must demonstrate initiative and effective independent decision-making skill

Required Work Experience

• 3-5 year of related work experience or equivalent combination of transferable experience within IT Security
• 2+ years direct IT Security and Cybersecurity Audit work experience. Specific expert level technical experience may be substituted

Required Education

• Bachelors Degree in IT related field or demonstrated equivalent professional work experience

Preferred Qualifications

• CompTIA Security+
• ISACA IT Risk Fundamentals
• ISACA Cybersecurity Fundamentals
• ISACA Cybersecurity Practitioner (CSX-P)
• GIAC Information Security Fundamentals (GISF)
• ISC2 Systems Security Certified Practitioner (SSCP)

How to Apply

Job Types: Temporary.

92 total views, 0 today

Apply for this Job