Security Compliance
Ref No.: 18-06520
Location: Raleigh, North Carolina
Position Type: Contract
Start Date / End Date: 05/01/2018 to 04/30/2019
Role: NCDIT- Security Spec- Compliance/EGRC
Location: Raleigh, NC 27609
Duration: 12 Months
 
  • In conjunction with the Enterprise Security and Risk Management Office (ESRMO), the Specialist will perform compliance assessment of Information Technology security controls and ensure timely reporting of issues and remediation actions.
  • The candidate will be responsible for monitoring and testing the effectiveness of NIST security controls and compliance with all applicable Federal, State and pertinent mandates, and policies.
  • This position will also be directly responsible for the oversight of remediation actions using the State’s Governance Risk and Compliance (GRC) tool for tracking and reporting purposes.
  • This position must stay abreast of regulatory changes and assess the impact of the changes to infrastructure and security and privacy policies.
Duties and Responsibilities:
 
  • Identify, aggregate, report and escalate compliance risks, issues and control enhancements
  • Respond to internal and external inquiries for information to clarify regulatory requirements
  • Assist with development of processes to identify, quantify, analyze, and report on Data Center Risk and Compliance status
  • Update relevant policies to ensure they reflect regulatory requirements
  • Implement and maintain attestation documentation sufficient to ensure compliance with Federal and State regulatory, legal, and functional related policies and procedures
  • Assist in the execution of governance and management routines.
  • Contribute to monitoring and testing of security controls, plans and related metrics.
  • Configure, operate and maintain the statewide GRC tool
  • Monitors risk mitigation and coordinates policy and controls to ensure that other business units are taking effective remediation steps
  • Working knowledge of statistics & the ability to apply statistical techniques in evaluation designs & analysis.
  • Ability to supervise projects & give instructions to technical staff & consultants as needed.
  • Supports key business initiatives by identifying compliance risks and providing resolutions to manage these risks.
  • Serves as a resource regarding compliance impact on matters such as agency business risks.
  • Leads and reviews application security risk assessments for new or updated internal or third-party applications
  • Collaborate with broad group of stakeholders to ensure compliance with State and Federal policies and standards.
  • Serves in an advisory role in application development and infrastructure projects to assess security requirements and controls and ensures that security controls are implemented as planned
  • Participate in other Security & Compliance projects as required
 
 
Knowledge, Skills and Abilities / Competencies
 
  • Education requirement: Bachelor’s degree
  • Requires in-depth knowledge of security issues, techniques and implications across all existing computer platforms
  • Candidate should have the ability to gather & analyze information, identify problems & recommend solutions & ability to interpret laws & regulations as they apply to compliance assessments & technical IT reviews.
  • Thorough knowledge of NIST Risk Management Framework (RMF)
  • Self-starter with minimal management supervision
  • Ability to communicate effectively, both verbally and in written formats
  • Demonstrated excellent analytical, problem solving, and quantitative skills; Ability to exercise discretion and demonstrate sound judgment in making decisions; Ability to apply understanding of security/controls risk vs. business impact in decision making
  • Ability to work well in team environment
  • Proficiency in word processing and flow charting (e.g., Visio) computer software applications; Proficiency in using advanced features of spreadsheet computer software applications
  • Working knowledge of SOC 2 internal control reports and FedRAMP
  • Working knowledge of ISO27000 series of standards, PCI, FTI, HIPAA, CJIS and FERPA compliance requirements
  • Ability to travel as needed to successfully perform position responsibilities
  • Ability to maintain confidentiality of materials handled
  • Working experience with GRC tools, IBM OpenPages or RSA Archer preferred

Minimum Education and Experience Requirements

  • 4+ years of experience in IT Security, IT Audit or IT Governance Risk and Compliance
  • IT industry security certification (CISA, CISSP, CRISC or GIAC) or equivalent working experience
 
 
Regards,
Satya | Sr. Recruitment Lead
Sunrise Systems, Inc.
105 Fieldcrest Ave Suite# 504, Edison, NJ 08837 USA
Office: (732) 603-2200. Direct: (732) 272 0262. Fax: (732) 692 8944.
Email: satya@sunrisesys.com


or
 
Ray Santos | rsantos@sunrisesys.com | Sunrise Systems Inc | 105 Fieldcrest Drive Suite 504 Edison, NJ 08837 | (732) 395-4426 | www.sunrisesys.com
 
You can also find me here!!! 
 
https://www.linkedin.com/in/rsantos4424