Job Description:

Greetings of the Day...!!

We have an excellent requirement for you. Please go through the job description and let me know your level of interest in this position. Feel free to mail me at ************* or call me at .

Job Title: IT Security and Compliance Engineer

Location: Polk County, IA

Job Description:

  • The IT Security and Compliance Engineer creates or updates security and privacy documentation according to NIST SP 800-53 Rev 4 requirements, including system security plans, security reports, and privacy assessments.
  • The engineer works with department subject matter experts (SMEs) to develop and document control implementation descriptions that meet or exceed the security-control compliance requirements.
  • The engineer develops policies and procedures based on security-control implementations for each business unit and system component in scope of the system boundary.
  • The engineer inputs and maintains security controls and associated artifacts in the organization's Governance, Risk and Compliance (GRC) system.
  • The IT Security and Compliance Engineer performs other tasks as assigned, such as updating diagrams, taking screen captures for insertion into documentation, and planning documentation schedules to meet defined project milestones.
  • The engineer should be comfortable working independently with guidance from a project manager and amongst a team.

Responsibilities:

  • Create or update the System Security Plan (SSP), System Security Plan (SSP) Workbook, IRS Safeguard Security Report (SSR), Privacy Impact Assessment (PIA), Information Security Risk Assessment (ISRA), Computer Matching Agreement (CMA), Information Exchange Agreement (IEA), and Interconnection Security Agreement (ISA)
  • Develop new or update current policies and procedures to meet federal requirements
  • Coordinate with department subject matter experts on all aspects of policies and procedures
  • Consider risk mitigation and remediation when drafting policies and procedures
  • Maintain security controls catalog and associated artifacts in department GRC
  • Gather documentation and evidence to support new and revised policies and procedures for independent security controls assessments and third-party penetration tests
  • Adhere to documentation plans and schedules
  • Achieve and maintain relevant knowledge of the organization's mission and information system structure
  • Maintain consistency in tone and style.
  • Manage updates and revisions to existing documentation.
  • Resolve reported documentation issues.
  • Identify new documentation needs or opportunities.
  • Collaborate with team on meeting security and privacy requirements
  • Participate in other security and compliance projects as needed.

Needed Soft Skills:

  • Time management skills with the ability to operate under short deadlines
  • Self-starter with minimal management supervision
  • Ability to work under pressure and manage fluctuating workloads
  • Work in a team setting
  • Ability to gain consensus
  • Maintain confidentiality
  • Excellent written and verbal communication skills.

Required/Desired Skills:

| Skill | Required/Desired | Amount | of Experience |
|---|---|---|---|
| Demonstrated experience working in a security and compliance heavy technical writing position. | Required | 5 | Years |
| Working knowledge of two of the following: | Required | 2 | Years |
| CMS MARS-E controls, security and privacy documentation | Required | 0 | |
| CMS ARS controls, security and privacy documentation | Required | 0 | |
| IRS Publication 1075 controls, security and privacy documentation | Required | 0 | |
| NIST 800-53 Rev 4 (or 5) controls, security and privacy documentation | Required | 0 | |
| FedRAMP controls, security and privacy documentation | Required | 0 | |
| HIPAA compliance | Required | 0 | |
| Demonstrated proficiency in MS Office suite | Required | 5 | Years |
| Experience writing in explanatory and procedural styles for multiple audiences | Required | 5 | Years |
| Demonstrated experience using a GRC platform such as NAVEX Lockpath or RSA Archer. | Required | 5 | Years |
| Demonstrated proficiency reading and interpreting complex federal and state laws, rules, regulations and requirements including (but not limited to): | Required | 5 | Years |
| HIPAA, IRS Publication 1075, CMS MARS-E 2.0, FedRAMP, NIST 800-53 | Required | 0 | |
| Experience effectively communicating technical and nontechnical concepts to a variety of audiences | Required | 5 | Years |
| Excellent written and verbal communication skills | Required | 5 | Years |
| Ability to follow and comply with existing processes and procedures, and propose updates | Desired | 5 | Years |
| Ability to work with minimal supervision, set priorities, and give attention to detail and quality | Desired | 5 | Years |
| Demonstrated strong organizational and time-management skills: multitasking, working individually and with a team | Desired | 5 | Years |
