Job Description
Job Number: 336624
Category: IT General
Details:
Job Title: IT Security Governance, Risk, and Compliance Analyst
Location: Indianapolis, Indiana
Pay: $38.50/hr-$43.50/hr
Zip Code: 46222
Start Date: Immediately
Keywords: #complianceandriskjobs #manufactoringindustry #onsitejob #nowhiring
An IT Security Governance, Risk, and Compliance Analyst opportunity is currently available through Belcan in the manufacturing industry. This position will work under the direction of the IT Security Governance, Risk, and Compliance Manager. The IT Security Governance, Risk, and Compliance Analyst will provide guidance and support for security governance, risk management, and compliance requirements in support of Client's global IT compliance program. This position will help evaluate risk and apply risk management methodologies to ensure that stakeholders are aware of relevant risk and the controls required for adherence. In this role, you will be responsible for participating in risk and compliance assessments, tracking of action items, maintenance of policies and standards, and helping to drive remediation activities. To perform these activities, the role will partner with various internal functions including but not limited to IT Security, IT Operations, Enterprise Architecture, IT Service Delivery and ePMO, Internal Audit, Legal, Human Resources as well as external parties including third parties, vendors, and external auditing or assessing partners. The role requires a proven record of enterprise delivery, with experience in defining and scaling Policy Directives and Standards, Information Protection, Risk Management, Maturity Assessments, and Compliance Legislation.
Responsibilities:
• Collaborate with IT, Business Stakeholders, and Executive Leadership to ensure accountability for completing audit assignments on schedule with appropriate priority, completeness, and accuracy, in accordance with corporate and regulatory requirements and business priorities
• Liaise with relevant teams and external vendors to manage security and regulatory requirements
• Conduct compliance assessments of controls for in-scope systems, including remediation assessments and audit-readiness assessments
• Assist with assessments that may involve the use of groupings (overlays) of information security controls for system/process authorization and continued operations, third party engagements, regulatory obligations, maturity of program, privacy concerns, information technology controls, and key business process(es). The emphasis of this role is on information security compliance.
• Assist in managing and maintaining IT Compliance program controls
• Coordinate the testing and validation of IT General Control (ITGC) processes for SOX, DFAR, NIST 800-171, CMMC, and GDPR
• Prepare team members and related materials required for effective audit meetings (e.g., control design walk-throughs), follow-up requests, and testing
• Identify control deficiencies and maintain records of deficiency details including management response documentation and exposure check evidence
• Drive remediation activities with stakeholders, including developing remediation plans, tracking, and reporting remediation progress
• Support Information Security GRC efforts, such as improvements/management/guidance when selecting/using/building/supporting tools, platforms, process(es), operational procedure(s)
• Administer GRC tool to document, sustain and improve controls
• Review and analyze reports and results of the audit, gap analysis and security testing conducted, and assist stakeholders to identify practical solutions for any gaps, issues and vulnerabilities identified.
• Create and suggest useful measurements to aid in improving Information security processes and procedures
• Evaluate the compliance status of information security controls and assist control owners to develop/use repeatable processes and procedures to remediate control gaps
• Collect and report on remediation plans along with charting progress of open risk items to resolution.
• Support the execution of risk management activities including assessments and exception process.
• Coordinate and track IT and security related audits and support the closure of audit findings.
• Support the development of all pillars of the IT Security Roadmap
• Stay up to date and proactively informed on developing regulatory concerns and evolving compliance solutions
• Contribute to the development and execution of the security awareness program
• The role will perform various coordinating tasks, such as schedule and follow-up, along with administrative duties (e.g., maintaining audit and remediation documentation)
Qualifications:
• 5+ years of progressive experience in Information Systems, Audit, Governance, Risk, Compliance, or related area
• 1-3 years of experience in IT security, IT auditing, and/or compliance strongly preferred
• Experience with Sarbanes-Oxley (SOX) compliant systems, focused on increasing transparency in financial reporting, protecting investors by improving the accuracy and reliability of corporate disclosures
• Strong understanding of security risk management frameworks such as NIST CSF, ISO 27001/2, SOC2, GDPR, Data Privacy and Business continuity
• Able to apply Cyber security experience and knowledge with creative and innovative thinking in a broad range of complex and non-routine contexts
• Solid organizational skills, including multitasking and time-management
• Ability to effectively prioritize and complete key tasks and deliverables
• Security Consultancy background covering design, risk, compliance, governance, data protection, Identity and access management, Network security, application security
• Demonstrated FedRAMP, NIST 800-53, NIST CSF assessment experience
Technology and/or Management Information Systems (MIS), or related field
• Must be a US Citizen
• One of the following certifications is preferred:
• CompTIA Security+
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Security Professional (CISSP)
If you are interested in this job, please apply via the ‘apply now’ link provided.
Belcan is a leading provider of qualified personnel to many of the world’s most respected enterprises. We offer excellent opportunities for contract/temporary, temp-to-hire, and direct assignments in the engineering, IT, and professional fields. We are the employer of choice for thousands worldwide. Our overriding goal is to provide quality staffing solutions that help people, organizations, and communities succeed. Belcan is a team-driven Equal Opportunity Employer committed to workforce diversity. For more information, please visit our website at http://www.belcan.com