Job Description :
Title: GRC Consultant
Location: Detroit, MI
Duration: Long Term
Rate: DOE
GRC Consultant (525938)
Advanced knowledge of security standards and experience performing security audits. Experience in Governance Risk and Compliance (GRC
Years of Experience:
10 or more years with IT security and audit experience with extensive knowledge of national/international security standards including NIST, PCI, CJIS, CMS, ISO, SOX, HIPAA, HITECH and other regulatory requirements .
Job Description:
Advanced knowledge of security standards and progressive experience performing security audits.
1. Assist the Risk and Compliance Director with risk assessment process re-engineering within the LockPath GRC tool
2. Assist in establishing efficient processes for Risk Assessment processes within the GRC tool as part of Lock path Reengineering Project(s
3. Perform gap analysis of security requirements implemented within the LockPath GRC tool and risk assessment process according to security statute, regulation, standards and SOM policies
4. Cross-map HIPAA, IRS, CMS, PCI and CJIS security requirements to NIST and State of Michigan Baseline controls
5. Document LockPath process design including business and security requirements
6. Identify and design reports within the LockPath GRC tool and assist the Risk and Compliance Director to establish monitoring program
7. Assist with establishing Cyber Security Framework for the State of Michigan.
8. Other cyber security related tasks as assigned
9. Assist with MICWRAP Risk Assessment volume of work for agencies.
Skills Required:
Information Technology Experience Required 10 Years
IT Security and/or Audit Experience Required 10 Years
PCI, NIST, FISMA, HIPPA, CJIS, or related experience Required 5 Years
Experience working in large, complex business and/or IT environments Required 10 Years
Bachelors or Master’s Degree in Computer Science, MIS, Business, Accounting, or Engineering (or related) Required 4 Years
Technical skills: knowledge and experience in IT security statutes, regulations, and standards, experience in GRC tool(s Required 5 Years
CISSP/CISM certification Highly desired
Practical experience with a commercial Governance, Risk & Compliance platform Desired 3 Years
Practical experience working with business and IT stakeholders to complete Risk Assessments Desired 3 Years
NOTE: Please detail your experience in GRC tool?
Do you have experience in training? If so, please detail here.