05 Nov
Security Track Consultant
Vacancy expired!
- Providing subject matter expertise in the creation and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including ISO, CSA, NIST, SOC, HIPAA, HITRUST, PCI, FedRAMP/FISMA, knowledge on COBIT or COSO framework
- Helping to interpret security, risk, and compliance controls, be able to analyse the maturity at achieving them, and helping to report against the status.
- Participation in and active contribution to working groups focused on security, risk, and cloud standards – able to represent and negotiate the customer needs (in terms of maintaining agility, technical solution independence etc) to move towards more standardised practices
- Ability to utilize working knowledge of information security best practices such as: NIST 800 series, PCI, HITRUST, ISO 27000 series, GDPR, etc
- Conducting regularly scheduled audits on systems and hosting third-party audits as required to maintain certifications and compliance certificates.
- Architecture and security management
- Strong understanding of security best practices on securing network and enterprise cloud applications
- Develop, plan, and deploy measurable and sustainable security enhancements which protect from cyber threats
- Work with internal and external vendors to support facilitation of penetration and vulnerability tests
- Driving compliance with disaster recovery, backup and restore policies and improvements
- Contribute to audit requests internally or externally, including external industry regulatory audits
- Support the development and maintenance of Cyber Security policies, standards, and guidelines in alignment with applicable laws, common security frameworks and leading practices.
- Facilitate the execution and continuous improvement of third-party risk management program and processes.
- Review and manage exceptions to Cyber Security policies.
- Bachelor's degree in Information Technology, related discipline, or relevant work experience.
- Minimum 12+ years of experience in Risk Management, Implementing COBIT Framework, regulations knowledge and implementation and Design Security policies, process and procedures.
- In-depth knowledge of the industry s standards and regulations, specifically SOC 2, PCI-DSS, HIPAA, HITRUST, ISO 27001, GDPR, COBIT framework.
- Security & compliance professional with experience in IT security best practices and principles in a modern cloud-first setting, preferably with a background of hands-on experience in infrastructure and Public cloud.
- Experience of writing and implementing security policy and runbooks for security compliance
- Knowledge and experience in security requirements, standards and practices including PCI DSS, HITRUST, HIPAA, NIST CSF, NIST 800-53, ISO 27001, SOC2, COBIT, GLBA, SOX, GDPR, OWASP Top 10, SANS Top 25, etc.
- Be a strong communicator and capable of navigating multiple contributors and stakeholders.
- Good command of written and spoken English to be able to interpret precisely worded audit and compliance statements.
- Strong understanding of application, network, operating system, and core infrastructure security concepts.
- Relevant Technical Security Certifications (i.e, GIAC, CISSP, CISA, CISM, CRISC)
Vacancy expired!