NIST Security Architect

PlanIT Group
Full-time
On-site
Albany, New York, United States

Company Description

PlanIT Group specializes in information technology, business process consulting and transaction advisory services for customers in the public and private sectors.

Job Description

Provide proven expertise and knowledge in Governance, Risk and Compliance (GRC), internal and external audit and assessment support, and Information Security assurance initiatives. A firm knowledge of security compliance controls, i.e. NIST 800-53r4, HIPAA, HITECH, ISO 27001 and other security standard frameworks, is an absolute requirement.

Gather and analyze metrics and key risk indicators, and maintain scorecards defined within the area of information security, to ensure the information security program is meeting governance expectations and maturity. This candidate must be familiar with general security risk management principles, healthcare and government-designed security control standards, and best practices for security and privacy.

Candidate should be familiar with documented security plans, procedures, supporting evidence and risk rating standards based on NIST and other risk management frameworks.

Assist with evaluation and testing as well as work with the applicable teams to track, address, and remediate audit and assessment findings to closure. Candidate must be familiar with threats and vulnerabilities, latest trends and risks and be able to understand the technical remediation action steps or plans and communicate them effectively to teams within the organization.

Manage policy exceptions with requestors and coordinate the annual exception review process. Requires working directly with various teams to document exceptions, identify compensating controls, and remediation action plans accordingly. Provide process improvement suggestions for more effective management and review of exceptions.

Support and help mature the overall security management program. Should be familiar with general governance, risk and compliance (GRC) programs, with specific knowledge of government practices and of security risk and policy management. Provide support for ongoing BAA and third-party risk reviews, including initial inherent risk, ongoing residual risk, and attestation campaigns.

Support and help maintain risk appetite frameworks focused on security and business continuity risks. Additionally, support and maintain other general regulatory risk assurance program functions.

Support and address regular IT general controls (ITGC) activity reviews and be able to rate and score maturity and compliance to standard control objectives.

Knowledge of security architectures, including the SDLC, cloud or multi-tenant infrastructure and environments, and network/boundary architectures. Should be familiar with SIEM, DLP, and other reporting and protection capabilities.

Qualifications

This position requires:

BS or BA degree in a related field or equivalent work experience.

Minimum 5 years in information security, risk management, IT compliance, or a security/IT risk related field.

Strong oral and written communication, as well as good interpersonal skills.

Knowledge and experience in standard security and regulatory frameworks including HIPAA, HITECH, NIST 800-53, other NIST standards, ISO 27001/31000, FFIEC and PCI.

Possess the ability to solve a wide range of complex problems, requiring ingenuity and innovation.

Preferred/Nice-to-haves:

Experience using GRC platforms or rating scorecards to show compliance levels and maturity.

Experience with SharePoint administration, including workflow and process design.

Current Certified Information Systems Security Professional (CISSP) certification (or similar security profession certificate).

Current Certified Information Systems Auditor (CISA) certification (or similar).

Additional Information

PlanIT Group, LLC is an Equal Opportunity/Affirmative Action (M/F/D/V) Employer.

All your information will be kept confidential according to EEO guidelines.