Security Compliance Specialist

TEKsystems
Cary, NC, US
Temporary
We are sorry. The job offer you are looking for is no longer available.

Job Description

3186738

U.S. Citizens and GC Holders

6-18 month contract to hire (could convert anytime after initial 6 months)

Top Three Skills:

1. ISO 27001 - this person will need to have Sr. to Expert level experience within the ISO 27001 framework and within the implementation process.

This person will be assisting with leading the implementation of ISO 27001 across multiple data centers within the corporate enterprise.

2. Experience with Risk Assessment and Audits within ISO 27001 and/or NIST 800-53. They will need to be comfortable with organizing, prioritizing and implementing the remediation process with regard to policy and compliance issues.

3. Communication and presentation skills - this person will be working with personnel from the management level all the way to the VP level.

They will also be working with individual contributors to ensure implementation of policy, compliance and procedure is done correctly.

Job Description:

Leader in providing analytic software to help businesses make better decisions. They do this by providing innovative analytics, business intelligence and data management and services to their customers.

This team is responsible for the overall compliance standards for IT and their multiple Data Centers. They are currently working on standardizing all of them to the ISO 27001 framework.

There are 4 DCs that will be involved in this project. This team will be partnering with IT OPS, Hosting Audit and Compliance, Global Compliance, Global Information Security, as well as the executive branch within IT, RD and Corp. Executive.

This person will be assisting in taking the current road map and executing an ISO 27001 implementation within their 4 data center environment.

They will be mirroring the implementation of the local Cary Data Center. This person will need to have more experience with ISO / NIST implementation than with audit and process.

They will be working with multiple organizations within the enterprise to ensure this is done correctly and on time. This person will also be working on and managing the security risk assessment, control gap analysis, leading the external ISO audit, validating controls and participating in internal audits.

Full Description:

Sr. IT Security and Compliance Specialist

Sr. IT Security Compliance Specialist, under limited supervision, will be responsible for supporting the IT Security and Compliance Program.

They must be a highly motivated individual with excellent organizational skills, with the ability to stay on top of a variety of commitments and deadlines; must be able to work independently and as part of a team to maintain workload and report on problems or progress in a timely manner.

The Sr. IT Security and Compliance Specialist will be responsible for bridging the gap between compliance and IT security by supporting policy and standards development.

They will perform risk assessments, gap analysis and overall security controls guidance for security standards including ISO 27001, National Institute of Standards and Technology (NIST 800-53), IRS 1075 and other security frameworks. They should be comfortable interpreting business risk and prioritizing remediation activities with IT and the business.

The Sr. IT Security Compliance Specialist will also perform Plan of Action and Milestone (POAM) activities to track remediation efforts, complete security risk tracking and reporting, and Information Technology audit preparation and response.

The ideal candidate will be a self-starter and have an inquisitive, analytical mind that constantly looks for solutions to difficult problems.

You must have technical knowledge and / or experience in information security and the ability to communicate information security risks, controls and mitigation strategy to management at all levels of the business.

The successful candidate must be a self-starter and goal-oriented with the ability to work with limited supervision within an evolving and entrepreneurial environment.

The Sr. IT Security Compliance Specialist will work across all business units and be proficient in managing multiple workstreams at the same time.

Essential Knowledge Skills and Abilities

  • Able to lead compliance program / project initiatives, audits and benchmarking of security policies against good practice and standards, including ISO 27001:2013
  • Undertake Information Security Risk Assessments; Control gap analysis; Security Incident Response and Security Investigations
  • Participate in or lead internal or external ISO 27001 certification audits
  • Assist with analysis and documentation of audit remediation actions
  • Identify and recommend cost effective improvements to security practices
  • Coordinate security responses to RFI / RFP and customer questionnaires
  • Take part in discussions with customer security teams and auditors regarding security and related interests during pre- and post-sales activities
  • Review supplier and customer security contract terms against current policies and processes
  • Effectively communicate Information security principles and practices to technical and non-technical audiences
  • Create and help administer security training programs and practices.
  • Perform other duties, as assigned.

The candidate should also be able to demonstrate:

  • Strong time management skills (schedules, timelines, and task prioritization) and ability to work with minimal supervision or guidance
  • Excellent communication, analysis and process flow skills
  • The ability to be flexible with others, to display tact and diplomacy, and to maintain a high degree of confidentiality and integrity
  • Excellent planning and organization skills
  • Proven ability to manage projects
  • Strong time management and prioritization skills
  • Experience with ServiceNow issue management ticketing system

Experience

Ten years of experience in security and compliance; information security audit and securing IT systems.

Experience of working in an ISO 27001 certified environment

Education

Bachelor's degree in a quantitative field, preferably in Computer Science, Information Technology, or a related discipline.

CISSP, CISA, GSNA, or CRISC certification

ISO 27001:2013 Lead Auditor or Lead Implementer trained

30+ days ago