Job #: 2325
Title: Security Professional
· Develop a GRC SaaS platform – this project will require the consultant to a) document current workflows/requirements, b) work with the SaaS provider to build/test the tool in POC and Production, and c) develop training materials for end users and operating procedures. Experience implementing a GRC tool is a plus.
· Risk remediation efforts – this project will require the consultant to a) review risk findings from various security assessments, b) work closely with remediation teams to fix the findings (or develop remediation plans), and c) report on cyber security risk posture as risks are addressed (i.e., ROI analysis).
· Documentation – documentation of information security policies, guidelines, operating procedures, education materials.
· Project Management – manage the project plan for GRC projects and update the PMO on a weekly basis.
· Risk assessments – perform security risk assessments to identify risks and make recommendations to address those risks (e.g., vendor security assessments, application security assessments, biomedical device security assessments). The candidate will maintain the security risk register and keep it up to date.
Job Qualifications:
5-7 years of security experience.
At least 3 years working in a regulated industry (healthcare preferred).
At least 1-2 years implementing/using a GRC platform such as Archer, RSAM, ServiceNow or any other.
At least 1-2 years dealing with public cloud (AWS/Azure/O365) security and compliance.
Strong knowledge of frameworks such as NIST Cyber Security Framework, Cloud Security Alliance, Center for Internet Security, COBIT and FedRAMP.
Working knowledge of HIPAA and HITECH. Strong analytical, problem-solving and project management skills.
Excellent written and verbal communication skills and interpersonal skills. Must possess a high degree of integrity and trust along with the ability to work independently as well as motivate others.
CISSP, CISM, CRISC, CISA or other similar certifications.