Governance, Risk, & Compliance Analyst
Ref No.: 18-05605
Location: Wichita, Kansas
Position Type: Direct Placement
Pay Rate: $85,000.00 - $110,000.00 / Year
· Monitor and report on compliance with security policies, as well as the enforcement of policies across the enterprise.
· Provide support and guidance for legal and regulatory compliance efforts, including audit-related support as needed.
· Conduct third-party audits as required in order to maintain certifications and compliance certificates.
· Review risks, threats, and vulnerabilities, and oversee the development of corrective action plans in partnership with management, IT personnel, and other relevant groups.
· Deploy, manage, and maintain a formal information security risk register and the associated software.
· Direct risk evaluation and compliance management processes as assigned.
· Follow up on deficiencies identified in reviews, self-assessments, automated assessments, and audits to ensure appropriate remediation plans have been developed and corrective measures have been taken and documented.
· Lead efforts in regulatory compliance and industry best-practice standards such as PCI DSS, SOX, HIPAA, ISO 27001/27002, NIST, etc.
· Consult on other types of security (e.g., security architecture, secure development lifecycle, physical security issues) as needed.
· Manage the development and implementation of information security policies, procedures, and guidelines.
· Provide guidance and support to management on all policy and standards issues related to information security.
· Ensure employees and third parties understand and fulfill applicable information security policies and standard requirements.
· Develop and conduct information security training and awareness activities.
· Perform other duties as assigned.
· 7+ years of experience in information security governance, risk, and compliance program management.
· Bachelor's degree in Computer Science or Information Systems from an accredited college or university, or the equivalent in a related discipline.
· Proven track record of delivering results in a fast-paced and highly complex organization.
· Ability to understand and apply knowledge of information systems security concepts (secure architectures, secure electronic data communications, network security, and protection of sensitive data).
· Must be knowledgeable about the ISO/IEC 27000 series standards, SOX, PCI requirements, and other regulatory compliance requirements, and have experience working in these environments.
· Prior policy development and enforcement experience in a regulated environment.
· Prior experience with information security risk management program development and implementation.
· Ability to relate business requirements and risks to policy and technology implementation.
· Knowledge of risk assessment and remediation procedures.
· Ability to work well with other members of the team, peers, and senior management.
· Strong communication, interpersonal, and presentation skills.
· Experience with ISMS performance metrics and reporting.
· An advanced degree or security industry-relevant certifications preferred.