Controls Scoping Advisor (Hybrid Multiple Locations)

Our History:From our start in 2009, Conexess has established itself in 3 markets, employing nearly 200+ individuals nation-wide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies to mid-small range companies. For the majority of the mid-small range companies, we are exclusively used due to our outstanding staffing track record.Who We Are:Conexess is a full-service staffing firm offering contract, contract-to hire, and direct placements. We have a wide range of recruiting capabilities extending from help desk technicians to CIOs. We are also capable of offering project-based work.Conexess Group is aiding a large healthcare client in their search for a Controls Scoping Advisor in a hybrid capacity. This is a long-term opportunity with a competitive compensation package. This is a hybrid position requiring a candidate local to one of the following locations:Bloomfield, CTSt. Louis, MOPhiladelphia, PAOboarding/training the worker would be required to be onsite 5 days a week and then can move to a 3 day in office schedule**Responsibilities:Partners with the enterprise to develop and implement security solutions and capabilities that are aligned with business, technology and threat drivers. Performs critical security reviews of application and systems on enterprise projects. Performs focused risks assessments of existing or new services and technologies, security architecture, identifies design gaps, risks, and recommends security enhancements. Reviews design artifacts like Network diagram, data flow diagram, scan reports and provides feedback and guidance. Assists project teams in the implementation of security measures to meet corporate security policies, standards and external regulations, e.g., Sarbanes-Oxley, HIPAA. Maintains appropriate security documentation for applications and systems. Communicates risk assessment findings to information security customers or business partners. Serves as an Information security expert and trusted advisor to partners in IT and the business to enable them to make informed risk management decisions. Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing residual risk. Maintains strong working relationships with individuals and groups involved in managing information risks across the organization. Stays up-to-date on current and emerging security threats and designs security architectures to mitigate them. Qualifications: BS or MA/MS in Computer Science, Information Security, or a related field is preferred OR equivalent work experience with the preferred certifications outlined below:Certified Information Systems Security Professional (CISSP), Certified Cloud Information Professional (CCSP), Certified Information Security Manager (CISM), and/or Certified Risk and Information Systems Control (CRISC), Security+, Network+, etc. Strong Communication skills, ability to speak to and document risks and possible solutions, and clearly articulate these to the business in laymen's terms if necessary. Experience of working in an agile environment and Secure Software Development Lifecycle (SSDLC) Working knowledge or understanding of following technologies/solutions/methodologies:Secure application architecture design and review Secure web services and mobile app design and review Encryption, hashing and key management Multifactor authentication, logging and vulnerability management Cloud Computing (AWS, Azure, Google, Private) OpenStack, ACI, OpenShift, Docker Static and dynamic code scans

Created: 2025-01-30