IT Security Risk, and Compliance
ShiftCode Analytics - Hartford, CT
Job Description
Position Title: IT Security Risk, and Compliance
Location: Hartford, CT
Position Type: Hybrid Consultant - Onsite 2 days - Remote 3 days per week.
Duration: 6 months to 1 year consultant

SUMMARY:
Our client is a division of the State of Connecticut. They have asked us to find two consulting Governance Risk and Compliance Information Security Technical Writers to satisfy regulatory compliance requirements and manage risk to an acceptable level. These roles are hands-on and will be responsible for actively managing, monitoring, maintaining, analyzing, developing, implementing, advising and responding to ongoing IT security needs. The individuals selected for these roles will serve as specialists in evaluating and monitoring IT security risk and assist with developing and maintaining compliance controls in adherence with federal and other government required cyber security frameworks. These roles will also assist with the continuous assessment of adequacy and effectiveness of IT security controls, provide expertise, development, and support to the risk mitigation plans across the organization collaborating with various functional areas and stakeholders, inclusive of vendors and partners.

RESPONSIBILITIES:
- Develop, monitor, and maintain policies, procedures, system security plans (SSP), and plans of action and milestones (POA&Ms) in adherence with regulatory compliance requirements and audit needs.
- Assist with coordinating and executing IT Security & Compliance assessments and audits against federal cyber security frameworks (IRS Publication 1075, CMS MARS-E, NIST Cybersecurity Framework).
- Manage and monitor remediation plans for compliance and mitigation of risk; perform risk and compliance self-assessments, and engage in and coordinate third-party risk and compliance assessments.
- Facilitate, track, and manage vulnerability remediation based on risk categorization, communicating risk, and reporting on mitigation status.
- Assist with documentation, implementation, deployment, and maintenance of the Governance, Risk and Compliance (GRC) tool which would serve as a source of truth for all internal/external audits as well as a central tracking tool for all the identified gaps.
- Participate in technical vulnerability assessments and security reviews of infrastructure, network, applications, and databases.
- Monitor, analyze, and generate reports on company's security landscape utilizing GRC and other state of the art security and compliance tools.
- Assist with responding to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interact and coordinate with third-party incident responders, including law enforcement.
- Prepare incident response reports that take note of security incidents and action taken to mitigate risk.
- Provide IT security risk expertise to support vendor and project security reviews and initiatives.
- Prepare and work with the different stakeholders to implement business continuity, system-wide disaster recovery and incident response plans.
- Bridge information security requirements with business processes and IT systems and projects.
- Analyze trends, news and changes in threat and compliance environment with respect to organizational risk.
- Analyze and recommend security controls and procedures in business processes related to use of information systems and assets, and monitor for compliance.
- Develop, administer, and provide advice, evaluation, and oversight for information security training and awareness programs.
- Completes other tasks, as assigned.

EXPERIENCE AND SKILLS:
- Bachelor's degree in Management Information Systems, Cybersecurity, Computer Science or related Information Technology field and/or equivalent industry experience.
- A minimum of 3-5 years of combined hands-on experience in Information Security, Information Technology, Audit, or Governance, Risk, and Compliance.
- One or more of the following security certifications is preferred or in process:
  - Certified Information Systems Auditor (CISA)
  - Certified Information Systems Security Professional (CISSP)
  - Certified in Risk and Information Systems Control (CRISC)
  - Global Information Assurance Certification (GIAC)
- Working knowledge of common Cybersecurity Frameworks including the National Institute of Standards and Technology Cybersecurity Framework (NIST-CSF), NIST SP 800-53, FedRAMP, and Center for Internet Security (CIS) Critical Security Controls.
- Applied knowledge of technologies for data mapping, risk assessments, third party risk management, compliance tracking, and security controls management.
- Solid organizational and excellent verbal and written communication skills.
- Ability to successfully multi-task while working independently or within a group environment.
- Ability to collaborate with internal and external stakeholders in an effective manner that produces desired results.
- Ability to effectively meet business objectives in a highly collaborative and high-performance work environment.

OTHER:
Hallmark and our Client are Affirmative Action, Equal Opportunity Employers. We encourage all qualified people with the current right to work for any employer in the USA to apply.
Created: 2024-11-05