CISSP Jobs - GRC Security Engineer, 16631

at Engage Partners, Inc.
Location Milwaukee, WI
Date Posted November 12, 2020
Category Default
Job Type Full-time

Description

*This position is 100% REMOTE!!

Duties:
As a member of the IT Security team, the Governance, Risk and Compliance (GRC) Engineer contributes to a comprehensive information security program. In accordance with industry frameworks (NIST, PCI and HIPAA) and business needs, and to ensure regulatory compliance and operational effectiveness, this position leads and collaborates in the development and operation of our IT GRC capability. It requires an experienced IT GRC professional to lead initiatives associated with tactical risk analysis of operational controls and their effectiveness; develop and apply risk assessment methodologies and processes and generate artifacts; work with control owners and internal service provider(s) to prioritize the validation of control compliance; and facilitate the identification and escalation of associated control gaps and their remediation.

1. Plans, implements and maintains the IT security risk management program capabilities and collaborates with Compliance/ERM.
2. Provides leadership and supervision over Health IT risk capabilities and compliance activities.
3. Assures assessment process effectiveness, measurement and optimization of IT general controls within a complex technical environment.
4. Assists in the creation and maintenance of security risk management standards, processes, procedures and other program documentation.
5. Develops and executes methods to identify and consider relevant internal and external data to enhance objective, data-driven risk models.
6. Prepares reports and presentations for diverse audiences with varying business perspectives on cyber security risks and ITGC effectiveness.
7. Supports and administers new Governance, Risk & Compliance (GRC) tools implementation and utilization.
8. Performs program management assessments and evaluations to determine compliance with PCI, HIPAA and IT general controls.
9. Maintains a strong understanding of security frameworks (NIST CSF & NIST SP 800-53) and how these frameworks apply to operational activities within the IT environment.
10. Monitors and analyzes security risks and metrics to identify themes, trends, correlations and variances.
11. Communicates risk intelligence in a manner that enables business decision-making.
12. Provides risk management subject matter expertise.
13. Provides leadership (no direct people management) to individual contributors building risk capabilities and building program oversight.
14. Assists with the design and implementation of the IT Security Risk Registry.
15. Assists in the establishment of program plans, procedures, data categorizations, risk rank modeling and other factors to provide a holistic representation of the IT security risks that the organization faces.
16. Develops, implements, maintains and oversees enforcement of policies, procedures and associated plans for system security administration and user system access, based on industry-standard best practices and internal business forces.
17. Assists in the development and execution of formal control structure and assessment risk methodologies, processes and artifacts.
18. Assists in the development and maintenance of an enterprise security controls framework.
19. Processes, analyzes and tracks risk exception requests.
20. Periodically reviews security controls for effectiveness and design.
21. Maintains an awareness of proposed security standards and state and federal legislation and regulations pertaining to information security.
22. Identifies IT Security requirement changes that will affect the organization's requirements, legal addendums and risk assessments, and recommends appropriate changes.

Skills:
• A minimum of 5 years of experience in a related field. 6 or more years of experience in a related field.
• In-depth knowledge of cybersecurity frameworks, including but not limited to NIST CSF, HITRUST CSF and ISO 27001.
• Experience leading risk assessment and remediation activities
• Expert knowledge of information security risk management frameworks and compliance practices
• Understanding of common healthcare security regulations (e.g. HIPAA, HITECH, Meaningful Use, PCI DSS, ISO 2700x, FDA, etc.)
• Familiarity with security auditing and risk assessment processes
• Skill in documenting risk and compliance activities
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards, as well as risk-related concepts, to technical and nontechnical audiences at various hierarchical levels
• Sound knowledge of business management practices
• Knowledge of common security policy taxonomies and how they inform the creation of standards, procedures and guidelines
• Experience responding to, analyzing and communicating information security audits
• Understanding of general security concepts, including but not limited to cryptography, DLP, Security Operations Center, Security Managed Services, SIEM, FW, Audit, Cloud Security and Mobile Security
• Self-starter who has the ability to work independently with minimal supervision
• Maturity to accept direction, self-confidence to give direction
• Experience in the implementation or usage of ServiceNow IRM / GRC
• Certifications preferred: CISA, CRISC, CGEIT, CRMA, CISSP & PCI-QSA
• Knowledge of embedded operating systems design and implementation desired

Education:
BA in Computer Science or a related field is required, or the equivalent acquired through a combination of education and experience.

Required Skills:
AUDIT
AUDITING
AUDITS
BUSINESS MANAGEMENT
CISA
Additional Skills:
CISSP
CRYPTOGRAPHY
CYBER SECURITY
DLP
DOCUMENTATION
DOCUMENTING
ENGINEER
EXCELLENT WRITTEN AND VERBAL COMMUNICATION SKILLS
FDA
GOVERNANCE
HIPAA
INFORMATION SECURITY
ISO
ISO 27001
MAINTENANCE
METRICS
MOBILE SECURITY
NIST
OPERATIONS
OPTIMIZATION
PCI
PROGRAM MANAGEMENT
REMEDIATION
RISK ANALYSIS
RISK ASSESSMENT
RISK ASSESSMENTS
RISK MANAGEMENT
SECURITY
SECURITY ADMINISTRATION
SECURITY AUDITS
SELF-STARTER
SIEM
SYSTEM SECURITY
SYSTEMS DESIGN

Minimum Degree Required:
Bachelor's Degree

Certifications & Licenses:
CISA
CISSP

Please forward your resume to [Click Here to Email Your Resumé] for immediate consideration.