Job Description
Responsibilities
* Provide supervision and leadership for the IT compliance team responsible for specifying, documenting, and maintaining IT security policies and controls to ensure the protection of electronic assets and compliance with security requirements of clients (principally Government) and corporate standards for data and systems integrity
* Manage security compliance engagement activities and support existing compliance controls
* Develop and implement tools and processes to measure and track security control metrics
* Provide executive level reporting on the current status and expected changes in the compliance requirements
* Provide guidance to IT functional teams on security compliance as it pertains to system development, documentation, testing, monitoring and reporting
* Manage the NORC Risk Management program. Conduct risk assessments and security impact analysis of information systems
* Participate in project meetings, provide all required documentation, identify deficiencies and create remediation plans
* Develop policies, procedures, and automated processes to ensure the company's IT environment continues to meet all applicable standards and recommendations
* Maintain all NIST 800-53 Standard Operating Procedure control documentation
* Manage daily activities of compliance team members, develop short-term and long-term compliance strategies
Required Skills & Experience
Must haves
* 8+ years of experience in IT risk assessment or compliance in a Government contract environment.
* Experience with frameworks such as NIST 800-53, NIST SP 800-171, FISMA, HIPAA, and with GRC tool(s)
* 5+ years of management supervision experience.
* Current security compliance certification such as CISA or CIA
* Experience with creating and maintaining IT audit control processes
* Experience in Government security standards and regulations
* Practical experience in participating in both internal and external compliance audits.
* BS in MIS, Computer Science, IT auditing or other comparable degree
Nice to Have Skills & Experience
Plusses:
* Master's Degree preferred
* Project Management experience managing team projects and cross-functional projects
* In-depth understanding of information security compliance practices at all layers of the IT infrastructure: network, servers, databases, applications including cloud systems and third-party compliance
* Performing Identity and Access Management attestation reports across the organization
* Knowledgeable about data privacy compliance
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.