Job Description:
Title: Security Specialist (with GRC Tool)

Location: Raleigh, NC

Job Description:

The Specialist will perform compliance assessment of Information Technology security controls and ensure timely reporting of issues and remediation actions.

This position reports to the State Chief Risk Officer (SCRO) and supports the SCRO in ensuring that the Department of Information Technology (DIT) State data centers comply with Federal and State policies. In conjunction with the Enterprise Security and Risk Management Office (ESRMO), the Specialist will perform compliance assessment of Information Technology security controls and ensure timely reporting of issues and remediation actions. The candidate will be responsible for monitoring and testing the effectiveness of NIST security controls and compliance with all applicable Federal, State and other pertinent mandates and policies. This position will also be directly responsible for the oversight of remediation actions, using the State’s Governance, Risk and Compliance (GRC) tool for tracking and reporting purposes. This position must stay abreast of regulatory changes and assess the impact of those changes on infrastructure and on security and privacy policies.

Duties and Responsibilities:

Identify, aggregate, report and escalate compliance risks, issues and control enhancements

Respond to internal and external inquiries for information to clarify regulatory requirements

Assist with development of processes to identify, quantify, analyze, and report on State Data Center Risk and Compliance status

Update relevant policies to ensure they reflect regulatory requirements

Implement and maintain attestation documentation sufficient to ensure compliance with Federal and State regulatory, legal, and functional related policies and procedures

Assist in the execution of governance and management routines.

Contribute to monitoring and testing of security controls, plans and related metrics.

Configure, operate and maintain the statewide GRC tool

Monitor risk mitigation and coordinate policy and controls to ensure that other business units are taking effective remediation steps

Working knowledge of statistics & the ability to apply statistical techniques in evaluation designs & analysis.

Ability to supervise projects & give instructions to technical staff & consultants as needed.

Supports key business initiatives by identifying compliance risks and providing resolutions to manage these risks.

Serves as a resource regarding compliance impact on matters such as agency business risks.

Lead and review application security risk assessments for new or updated internal or third-party applications

Collaborate with a broad group of stakeholders to ensure compliance with State and Federal policies and standards

Serve in an advisory role on application development and infrastructure projects to assess security requirements and controls, and ensure that security controls are implemented as planned

Participate in other Security & Compliance projects as required

Knowledge, Skills and Abilities / Competencies

Education requirement: Bachelor’s degree

Requires in-depth knowledge of security issues, techniques and implications across all existing computer platforms

Candidate should have the ability to gather and analyze information, identify problems and recommend solutions, and the ability to interpret laws and regulations as they apply to compliance assessments and technical IT reviews.

Thorough knowledge of NIST Risk Management Framework (RMF)

Self-starter able to work with minimal management supervision

Ability to communicate effectively, both verbally and in written formats

Demonstrated excellent analytical, problem solving, and quantitative skills; Ability to exercise discretion and demonstrate sound judgment in making decisions; Ability to apply understanding of security/controls risk vs. business impact in decision making

Ability to work well in a team environment

Proficiency in word processing and flow charting (e.g., Visio) computer software applications; Proficiency in using advanced features of spreadsheet computer software applications

Working knowledge of SOC 2 internal control reports and FedRAMP

Working knowledge of the ISO 27000 series of standards and of PCI, FTI, HIPAA, CJIS and FERPA compliance requirements

Ability to travel as needed to successfully perform position responsibilities

Ability to maintain confidentiality of materials handled

Working experience with GRC tools; IBM OpenPages or RSA Archer preferred

Minimum Education and Experience Requirements

4+ years of experience in IT Security, IT Audit or IT Governance, Risk and Compliance

IT industry security certification (CISA, CISSP, CRISC or GIAC) or equivalent working experience

Skill                                                                                              | Required / Desired | Amount of Experience
---------------------------------------------------------------------------------------------------|--------------------|---------------------
Enterprise level Governance, Risk, and Compliance (GRC) software platform administration experience | Required           | 5 Years
Enterprise level NIST Risk Management Framework experience                                         | Required           | 5 Years
Enterprise level Risk Assessment and RMF Governance experience                                     | Required           | 3 Years
Experience in securing HIPAA, IRS, PII, PCI and other Federal data types                           | Required           | 3 Years
Enterprise level experience with Security Controls Implementation                                  | Required           | 3 Years
Experience working with Enterprise Audit and 3rd party assessment teams                            | Required           | 3 Years
Enterprise level IBM OpenPages experience                                                          | Highly desired     | 3 Years
CISSP or equivalent certification                                                                  | Highly desired     |

If interested, please provide the information below:

· Full Name:

· Email ID:

· Contact:

· Address:

· Availability:

· Passport No.:

· Last 4 digits of SSN:

· Availability for Interview:

· Visa Status:

· Visa Expiry date (MM/DD/YYYY):

· Relocation:

· Rate:

· LinkedIn ID:

Professional Reference 1:

· Full Name:

· Company Name:

· Title:

· Telephone:

· Email ID:

Professional Reference 2:

· Full Name:

· Company Name:

· Title:

· Telephone:

· Email ID: