Job Description:
Title: Security Specialist(with GRC Tool)
Location: Raleigh, NC
The Specialist will perform compliance assessment of Information Technology security controls and ensure timely reporting of issues and remediation actions.
This position reports to the State Chief Risk Officer (SCRO) and supports the SCRO in ensuring that the Department of Information Technology (DIT) State data centers comply with Federal and State policies. Working with the Enterprise Security and Risk Management Office (ESRMO), the Specialist will monitor and test the effectiveness of NIST security controls and compliance with all applicable Federal and State mandates and policies. The position is also directly responsible for overseeing remediation actions, using the State's Governance, Risk and Compliance (GRC) tool for tracking and reporting. The Specialist must stay abreast of regulatory changes and assess their impact on infrastructure and on security and privacy policies.
Duties and Responsibilities:
Identify, aggregate, report and escalate compliance risks, issues and control enhancements
Respond to internal and external inquiries for information to clarify regulatory requirements
Assist with development of processes to identify, quantify, analyze and report on State Data Center risk and compliance status
Update relevant policies to ensure they reflect regulatory requirements
Implement and maintain attestation documentation sufficient to demonstrate compliance with Federal and State regulatory, legal and functional policies and procedures
Assist in the execution of governance and management routines
Contribute to monitoring and testing of security controls, plans and related metrics
Configure, operate and maintain the statewide GRC tool
Monitor risk mitigation and coordinate policy and controls to ensure that other business units are taking effective remediation steps
Apply a working knowledge of statistics and statistical techniques in evaluation designs and analysis
Supervise projects and give instructions to technical staff and consultants as needed
Support key business initiatives by identifying compliance risks and providing resolutions to manage those risks
Serve as a resource regarding the compliance impact of matters such as agency business risks
Lead and review application security risk assessments for new or updated internal or third-party applications
Collaborate with a broad group of stakeholders to ensure compliance with State and Federal policies and standards
Serve in an advisory role on application development and infrastructure projects to assess security requirements and controls, and ensure that security controls are implemented as planned
Participate in other Security and Compliance projects as required
Knowledge, Skills and Abilities / Competencies
Education requirement: Bachelor’s degree
Requires in-depth knowledge of security issues, techniques and implications across all existing computer platforms
Ability to gather and analyze information, identify problems and recommend solutions, and to interpret laws and regulations as they apply to compliance assessments and technical IT reviews
Thorough knowledge of NIST Risk Management Framework (RMF)
Self-starter with minimal management supervision
Ability to communicate effectively, both verbally and in written formats
Demonstrated excellent analytical, problem solving, and quantitative skills; Ability to exercise discretion and demonstrate sound judgment in making decisions; Ability to apply understanding of security/controls risk vs. business impact in decision making
Ability to work well in team environment
Proficiency in word processing and flow charting (e.g., Visio) computer software applications; Proficiency in using advanced features of spreadsheet computer software applications
Working knowledge of SOC 2 internal control reports and FedRAMP
Working knowledge of the ISO/IEC 27000 series of standards and of PCI DSS, FTI (Federal Tax Information), HIPAA, CJIS and FERPA compliance requirements
Ability to travel as needed to successfully perform position responsibilities
Ability to maintain confidentiality of materials handled
Working experience with GRC tools; IBM OpenPages or RSA Archer preferred
Minimum Education and Experience Requirements
4+ years of experience in IT Security, IT Audit or IT Governance Risk and Compliance;
IT industry security certification (CISA, CISSP, CRISC or GIAC) or equivalent working experience
Skill | Required / Desired | Amount of Experience
Enterprise level Governance, Risk, and Compliance (GRC) software platform administration experience | Required | 5 years
Enterprise level NIST Risk Management Framework experience | Required | 5 years
Enterprise level Risk Assessment and RMF Governance experience | Required | 3 years
Experience in securing HIPAA, IRS, PII, PCI and other Federal data types | Required | 3 years
Enterprise level experience with Security Controls Implementation | Required | 3 years
Experience working with Enterprise Audit and 3rd party assessment teams | Required | 3 years
Enterprise level IBM OpenPages experience | Highly desired | 3 years
CISSP or equivalent certification | Highly desired | (not specified)
If interested, please provide the following information:
· Full Name:
· Email ID:
· Contact:
· Address:
· Availability:
· Passport No:
· Last 4 digits of SSN:
· Availability for Interview:
· Visa Status:
· Visa Expiry date (MM/DD/YYYY):
· Relocation:
· Rate:
· LinkedIn ID :
Professional Reference 1:
· Full Name :
· Company Name :
· Title :
· Telephone :
· Email id :
Professional Reference 2:
· Full Name :
· Company Name :
· Title :
· Telephone :
· Email id :