| GRC Analyst at Boca Raton, Florida, USA |
| Email: [email protected] |
| From: muddu Krishna, RITWIK Infotech [email protected] Reply to: [email protected] Title: GRC Analyst (onsite) Location: Boca Raton, FL Work authorization: any (candidate must be authorized to work in US) Duration:3+ months with possible extensions Additional information: The candidate should be able to provide an ID if the interview is requested, to guarantee the Client that the candidate submitted, interviewing and showing up for work is one and the same Must-have skills: EDU : BS/equiv exp 7+ y of IT Audit exp 3+ y of hands-on technical experience (e.g. developer, system administrator) exp with NIST, ISO, PCI, ISACA, COBIT CISA/CISSP certified PREFERRED : gov exp Duration:3+ months with possible extensions Additional information: The candidate should be able to provide an ID if the interview is requested, to guarantee the Client that the candidate submitted, interviewing and showing up for work is one and the same Requirements: Availability to work 100% on Clients site in Boca Raton, FL (required); IT Audit experience (7-10 years) IT Risk Management lifecycle experience (3+ years) Hands-on technical experience, e.g. developer, system administrator (3+ years) Experience working with NIST 800-30 Risk Assessment Standard; Experience with IT General Controls evaluation and design; Experience with PCI DSS standards; Experience with business process mapping and documentation as well as policy and procedure development; Experience in Information Security with up-to-date knowledge of the current threat landscape; CISA and CISSP certifications (preferred). Bachelors Degree in Computer Science, Information Systems, Business Administration, or other related field and/or equivalent work experience. Responsibilities include but are not limited to the following: Perform PCI, ISO, COBIT, and applicable State of Florida cybersecurity controls-related reviews to ensure that current, new, and technology infrastructure complies with these standards and Departments security policies. Plan and perform IT security controls effectiveness quarterly reviews. Manage remediation efforts for the identified gaps including assessment of new or enhanced implemented controls Maintain IT security risk and compliance matrix and performs management reporting. This will include IT systems controls, and business process risks to meet compliance requirements. Provide risk mitigation strategies Maintain IT security risk and compliance matrix and performs management reporting. This will include IT systems controls, and business process risks to meet compliance requirements. Provide risk mitigation strategies Manage IT security vulnerabilities management program aligned with PCI and NIST standards. Identifying and ranking the value, sensitivity, and criticality of the operations and assets that could be affected should a threat materialize in order to determine which operations and assets are the most important For the most critical and sensitive assets and operations, estimating the potential losses or damage that could occur if a threat materializes, including recovery costs Identifying cost-effective actions to mitigate and reduce risk. These actions can include implementing new organizational policies and procedures as well as the design of technical or physical controls Coordinating, tracking, and verifying remediation of audit findings Documenting the results and developing a plan of action and milestones for mitigating any identified risk Produce formal audit reports based on ISACA Audit Standards; Promotes compliance with regulatory requirements (e.g. PCI DSS) and IT best practices. Keywords: information technology Florida Idaho |
| [email protected] View all |
| Fri Feb 10 22:29:00 UTC 2023 |