23 Nov
Enterprise Security Risk Assessor
Maryland Heights, Missouri 63043, USA

Vacancy expired!

JOB SUMMARY

Leverage industry and technical expertise to assist leadership teams to effectively address enterprise security risks by performing risk assessments through questionnaires, interviews, and key control testing. Enhance internal audit functions to further align to organizational strategy and risk and identify opportunities to effectively mitigate risk and improve business performance by increasing value and reducing costs of compliance-related activities. In addition, apply the concepts of Enterprise Risk Management to help the organization identify, assess, and mitigate emerging risks.

MAJOR DUTIES AND RESPONSIBILITIES

• Actively and consistently support all efforts to simplify and enhance the customer experience.
• Conduct technical risk assessments for the enterprise to identify threats, risks, and controls through governance, compliance, identification, and validation.
• Perform IT Technical audits involving internal and external audits, technology focused risk assessments, third party security assurance activities, and vendor based systems.
• Conduct testing of compliance controls by reviewing documentation and evidence, performing observations, and documenting results.
• Provide oversight to security assurance activities and programs to include governance, policy, control design, general operational effectiveness and internal controls.
• Manage all project planning and execution for risk assessment processes to identify and address department/organizational risks.
• Identify findings during risk assessments and make recommendations to improve security infrastructure by maintaining deep subject matter expertise of technical and operational information security, technical privacy, and/or standard industry practices.
• Define the security controls and processes appropriate for department and/or organization post assessment, leveraging thorough technical and operational knowledge of Information Security best practices and industry standards.
• Provide guidance on risk assessment process and procedures, requirements, and controls to leadership teams in order to understand risk findings and implement control solutions to prevent reoccurrences.
• Consult on remediation of findings discovered during audits and control testing.
• Perform other duties as assigned.

REQUIRED QUALIFICATIONS

Skills/Abilities and Knowledge

• Ability to read, write, speak and understand English
• Knowledge of control testing for the following audit/assessment frameworks:
  o Payment Card Industry (PCI), Sarbanes Oxley (SoX),
  o Health Insurance Portability and Accountability Act (HIPAA),
  o National Institute of Standards and Technology (NIST 800-53),
  o Customer Proprietary Network Information (CPNI),
  o Other authoritative sources related to specific business situations.
• Knowledge of technical aspects to complete projects in the following areas: IT Audits, IT Risk Management, Information Security and/or Technical Privacy
• Experience in audit and/or Information Security practices and frameworks for large organizations
• Knowledge of Information Security strategy, organization, policy and Governance
• Basic knowledge in utilization of network and application security assessment tools and methodologies to manage and address security and control issues with the following technologies: UNIX, Windows Servers, databases (Oracle, SQL, DB2, etc.), mainframe, firewalls, routers, wireless environments, mobile devices, and cloud computing.
• Ability to translate technical terms to non-technical (business) colleagues and non-technical (business) terms to technical colleagues.
• Ability to be adaptable and flexible while working in a dynamic environment
• Foster and maintain relationships with key stakeholders, departmental leadership, and business partners
• Excellent verbal and written communications skills

Education

Bachelor's degree (BA or BS) in Management Information Systems, Computer Science, Accounting, and/or business related discipline, or equivalent work experience

One of the following or equivalent certifications required or actively pursuing:

• Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA) certifications
• Complementary: Certified Ethical Hacker (CEH)
• Or other related certifications.

Related Work Experience

• 4+ years of IT/IT Security and/or Corporate Risk/Audit work experience
• 3+ years of IT Risk Management and/or IT Internal Audit including experience in Information Security & Technical Privacy.

WORKING CONDITIONS

Office environment

ISE315 295219 295219BR
