Our client of 25 years is looking for a Security Governance and Compliance specialist to assist the manager in driving governance and compliance. This is a hybrid role: you must be on site two days a week and for important meetings. If you are looking for an opportunity to drive the projects, this is a great opportunity for you. This is an indefinite contract; they need you every year.
Desired Experience:
Understanding of IT Systems: Knowledge of how operating systems work internally and familiarity with network protocols.
Effective Communication Skills: Ability to communicate with people at all levels of the organization and willingness to perform routine security compliance tasks.
Knowledge of Regulations: Familiarity with relevant regulations and compliance requirements such as NIST, PCI, and HIPAA. NIST is required.
Policy Development Skills: Demonstrated ability to develop, implement, and maintain effective compliance policies and procedures.
Documentation Skills: Experience creating clear and comprehensive documentation to guide employees in adhering to compliance standards.
Audit Experience: Experience with compliance audits and monitoring processes.
Audit Planning: Ability to develop and execute compliance audit plans.
Data Security Management Tools: Ability to use data security management tools to monitor, analyze, and manage access permissions, user behaviors, and sensitive data usage.
Job Description:
1. Compliance Assessments: Participate in compliance assessments to implement countermeasures and mitigating controls. This involves identifying areas where the organization may be at risk of non-compliance and implementing measures to address those risks.
2. Vendor Security Analysis: Analyze vendor security for Requests for Proposals (RFPs), new product evaluations, and custom/purchased applications. This includes assessing the security risks associated with vendors and their products or services.
3. Issue Identification and Reporting: Assist in identifying and reporting IT governance and compliance issues as part of routine responsibilities. This involves identifying potential risks to governance and compliance and reporting them for mitigation.
4. Security Control Assessment: Perform and facilitate assessments, testing, and documentation of IT security controls and compliance requirements across various domains (e.g., NIST, HIPAA, PCI) and SOX domains (e.g., logical access, change management, IT operations, and application development). This encompasses assessing the effectiveness of security controls and identifying areas where compliance requirements may not be met.
5. Policy and Procedure Development: Recommend and contribute to the creation of policies, procedures, and standards, emphasizing best practices. This involves assessing existing policies and procedures, identifying gaps or areas of improvement, and developing new policies and procedures to address them.
6. Plan Review: Review System Security Plans, Incident Response Plans, Business Continuity Plans, and Disaster Recovery Plans. This includes assessing the adequacy of plans for addressing security risks and ensuring continuity of operations in the face of potential threats or disasters.
Qualifications:
- CISSP, CISA, or another related certification is highly desired.
- Experience with Change and Release Management based on ITIL best practices.
- 5+ years of experience conducting information security control assessments or audits.
- Strong oral and written communication skills essential for maintaining documentation, updating manuals, and producing reports.
- NIST experience (required).
Benefits:
Health, Dental, Vision, 401K
ABOUT ESG CONSULTING:
ESG Consulting is an award-winning national provider of diversified information technology consulting services to Fortune 1000 companies, public sector entities, and emerging growth firms nationwide.
Founded in 1986, ESG offers more than 29 years of experience in the IT staffing, engineering, and consulting industry. While we have a local presence in Atlanta, we are headquartered in Santa Clara; we have opened offices nationwide and to this day are consistently re-evaluating and expanding our service offerings and geographic capabilities. Today, we serve most major metropolitan markets.
ESG is an equal opportunity company. Our flexible management culture believes in creating a business environment that fosters personal and professional growth and achievement. We make ESG a place where people are treated not as employees but as "partners".