Previous Job
Previous
GRC/BC Consultant
Ref No.: 18-64227
Location: St. Paul, Minnesota
Position Type:Contract
Start Date: 09/04/2018
 Description
This position will work closely with the Sr. Manager of Information Security Governance, Risk, Compliance and Business Continuity.  We seek an individual who has knowledge and some experience with two or more of these domains.
They will take direction from and be responsible to deliver assigned projects and tasks; developing the project, implementing, providing status, seeking out assistance when issues, concerns, obstacles, risks arise, and the daily management of assigned work.
Brokerage's security and compliance program is based on ISO 27001:2013, SOC 2, Type II framework. When collaborating with other Brokerage stakeholders, this position will identify and help drive the mitigation of information and compliance risks and drive cultural and behavioral integration of the information security program by employees, suppliers, vendors and contractors.
Position Responsibilities:  
GOVERNANCE
•             Review, update and maintain accurate Governance-related Compliance audit records in preparation and execution of Internal, External Compliance Audits throughout Quarter and Year.
•             Assist with Brokerage Information Security Policy, Standard, Procedure updates as needed and directed.
•             Assist with Executive Team Governance Meeting process update, documentation as directed.
•             Assist with annual budget development, forecast development, expense management tracking as directed.
RISK MANAGEMENT
•             Assist with internal security-based risk assessments.
•             Perform Information Security Risk Register item status, progress update research and entry, closure evidence collection and entry, new risk data collection and entry, monthly dashboard reporting and other ad hoc reporting activities.
•             Assist GRC/BC Sr. Manager and coordinate internal and external risk assessments with the identification of key risk assessment stakeholders and participants, serve as liaison between Brokerage stakeholders and risk assessment teams, oversee risk assessment documentation version control, evidence collection and release to external risk assessors, draft risk assessment status updates to Brokerage Leadership, etc.
BUSINESS CONTINUITY
•             Obtain and document status of planned Business Continuity and Information Technology Disaster Recovery tests.
•             Obtain and document status updates of Business Continuity and Information Technology Disaster Recovery corrective action plans pending completion from recently completed test.
•             Assist Security Business analysis with BIA conversion into new BCP tool 'ResilienceOne'.
•             Assist Security Business analysis with Plan Owner's Training creation and delivery and the Plan Owner's Business Continuity Plan and Information Technology Plan migration into the newly procured BCP tool. 
MISCELLANEOUS
•             Any other duties that may be required from time to time.
Requirements
•             Prefer Bachelor's Degree in Information Technology, Computer Science or related field
•             3-4 years of broad professional experience across a wide base of information security disciplines of which 1-2 years spent with corporate governance and risk:
•             Experience with:
o             Project management
o             Risk management methodologies and tools
o             Customer support and account management
o             Audit management and internal audit standards
o             Governance frameworks including ISO27000, SOCII, HITRUST.
•             Knowledge of:
o             Performance management metrics and reporting
o             Process control design and testing methods
•             Skills and Abilities with:
o             Strong personality – ability and credibility to influence
o             Strong subject matter credibility – Must have knowledge and ability to take a practical/business-relevant approach, resulting in a practical yet compliant solution
o             Excited, interested and engaged in security and compliance and our business
o             Demonstrate ability to take initiative and accountability for achieving results
o             Strong oral and written communication skills
o             Customer-driven to understand and appropriately respond to customers' needs
o             Self-directed