Raleigh, North Carolina
May 6, 2019
Security Specialist - Compliance/EGRC
About The Opportunity
The Specialist will perform compliance assessment of Information Technology security controls and ensure timely reporting of issues and remediation actions.
This position reports to the State Chief Risk Officer (SCRO) and supports the SCRO in ensuring compliance of the State data centers with Federal and State policies. In conjunction with the Enterprise Security and Risk Management Office (ESRMO), the Specialist will perform compliance assessments of Information Technology security controls and ensure timely reporting of issues and remediation actions. The candidate will be responsible for monitoring and testing the effectiveness of NIST security controls and for compliance with all applicable Federal and State mandates and policies. This position will also be directly responsible for the oversight of remediation actions, using the State’s Governance, Risk and Compliance (GRC) tool for tracking and reporting purposes. This position must stay abreast of regulatory changes and assess their impact on infrastructure and on security and privacy policies.
Duties and Responsibilities:
- Identify, aggregate, report and escalate compliance risks, issues and control enhancements
- Respond to internal and external inquiries for information to clarify regulatory requirements
- Assist with development of processes to identify, quantify, analyze, and report on State Data Center Risk and Compliance status
- Update relevant policies to ensure they reflect regulatory requirements
- Implement and maintain attestation documentation sufficient to demonstrate compliance with Federal and State regulatory, legal and functional policies and procedures
- Assist in the execution of governance and management routines.
- Contribute to monitoring and testing of security controls, plans and related metrics.
- Configure, operate and maintain the statewide GRC tool
- Monitor risk mitigation and coordinate policy and controls to ensure that other business units are taking effective remediation steps
- Working knowledge of statistics & the ability to apply statistical techniques in evaluation designs & analysis.
- Ability to supervise projects & give instructions to technical staff & consultants as needed.
- Support key business initiatives by identifying compliance risks and providing resolutions to manage those risks
- Serve as a resource regarding the compliance impact of matters such as agency business risks
- Lead and review application security risk assessments for new or updated internal or third-party applications
- Collaborate with a broad group of stakeholders to ensure compliance with State and Federal policies and standards
- Serve in an advisory role on application development and infrastructure projects to assess security requirements and controls, and ensure that security controls are implemented as planned
- Participate in other Security & Compliance projects as required
Required and Desired Skills:
- Enterprise-level Governance, Risk, and Compliance (GRC) software platform administration experience (Required, 5 years)
- Enterprise-level NIST Risk Management Framework experience (Required, 5 years)
- Enterprise-level Risk Assessment and RMF Governance experience (Required, 3 years)
- Experience securing HIPAA, IRS, PII, PCI and other Federal data types (Required, 3 years)
- Enterprise-level experience with security controls implementation (Required, 3 years)
- Experience working with enterprise audit and third-party assessment teams (Required, 3 years)
- Enterprise-level IBM OpenPages experience (Highly desired, 3 years)
- CISSP or equivalent certification (Highly desired)
2+ Months
Please Contact me to discuss the hiring process!
Sr. Executive Recruiter
Contact: (310) 929-8421 Ext: 104
Hi! My name is Sumit Gupta. I treat all my consultants in a manner that makes them feel comfortable while working with me on any position they are applying for. Although the motive is to find the best match for my consultants, I make sure that I suggest the right job matching their profile and work history by interacting with them in detail and following up with them at each and every level of the hiring process.