IT - Cyber Security Controls Assessor - Expert
Ref No.: 18-02963
Location: San Francisco, California
Start Date: 03/28/2018
***SUBMIT CANDIDATES LOCAL TO BAY AREA ONLY***

• Bachelor's degree
• Certified in Risk and Information Systems Control (CRISC) certification
• Certified Information Systems Auditor (CISA) certification
• Utility Industry experience, 1yr Experience in Information Technology (IT) risk management, IT compliance, IT Audit, IT security
• Experience in project management, job-related
• Leadership experience, job-related
• Experience at , job-related

• Support Third Party Security and Risk Management Program cycle by overseeing/tracking remediation of deficiencies, Management Action Plans, Risk Acceptance Requests and reporting status of remediation efforts.
• Perform retesting of vendors' security controls that have been remediated or updated as a result of previously identified deficiencies.
• Obtain, review, and interpret evidence provided to validate controls are performed effectively.
• Prepare, plan, conduct, and report remediation assessments in accordance with industry best practices and established standards.
• Obtain, review, and interpret organizational IT policies, standards and procedures to identify control points that would assist in mitigating risk to the business.
• Prepare routine reporting to management and escalate concerns in a timely fashion.
• Review test results or interpret evidence for vulnerabilities, gaps, or control deficiencies; work with stakeholders to establish plans for sustainable resolution.
• Liaise with Managers and Individual Contributors on Vendors Security and Risk Compliance Assessment topics.
• Partner with Line of Business contacts and contract owners to ensure deficiency mitigation and documentation is updated periodically to reflect vendors' security posture.
• Perform other tasks as necessary to ensure Third Party Security Review Team meets its commitments to customers.
• Support the Third Party Security & Risk Manager on the preparation of materials for monthly, quarterly, and annual vendors' security Compliance reviews and as needed.