Senior Information Security Assessor

TOP Consulting is looking for a Senior Information Security Assessor to join our team. Qualified candidates will have minimum 7 years of experience in cybersecurity principles, cyber threats and vulnerabilities, and knowledge of regulatory and contractual compliance, including PCI, and HIPAA requirements for information systems, security and privacy.

• The Senior Information Security Assessor will be part of the Risk & Compliance team in Enterprise Information Security (EIS). The Risk & Compliance team is responsible for assessing and monitoring compliance to our information security policies and procedures across the enterprise
• The Senior Information Security Assessor will oversee, evaluate, and support the documentation, validation, and accreditation processes necessary to ensure new and existing information technology (IT) systems meet the organization's information assurance (IA) and security requirements.
• Ensures appropriate treatment of risk, compliance, and monitoring assurance from internal and external perspectives.
• Maintains confidentiality of log-on password(s) and security of other authentication devices (e.g., key fobs, proximity devices, etc.).
• Ensures privacy and security of information entrusted to their care.Uses company business assets and information resources for management-approved purposes only.
• Adheres to all information privacy and security policies, procedures, standards, and guidelines.
• Promptly reports information security incidents to the Information Security Officer.
• 20% Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
• 20% Develop and Implement information assurance I a independent audit processes for application software/networks/systems and oversee ongoing independent audits to ensure that operational processes and procedures are in compliance with organizational and mandatory IA requirements and accurately followed by Systems Administrators and other cybersecurity staff when performing their day-to-day activities.
• 10% Develop Methods to monitor and measure risk, compliance, and assurance efforts.
• 10% Perform validation steps, comparing actual results with expected results and analyze the differences to identify impact and risks.
• 10% Monitor and evaluate a systems' compliance with information technology IT security, resilience, and dependability requirements.
• 10% Maintain information systems assurance and accreditation materials.
• 10% Provide an accurate technical evaluation of the software application, system, or network, documenting the security posture, capabilities, and vulnerabilities against relevant information assurance I a compliances.
• 10% Develop specifications to ensure risk, compliance, and assurance efforts conform to security, resilience, and dependability requirements at the software application, system, and network environment level. COMPLETION OF WITH PERCENTAGES IS REQUIRED. The major duties/ responsibilities and listed above are not intended to be all-inclusive of the duties, responsibilities and to be performed by associates in this job. Associate is expected to all perform

• Bachelors Degree in Computer Science (or related discipline) CISSP, CRISC, CFCE, GCIH or equivalent security certification
• Minimum 7 years of experience in cybersecurity principles, cyber threats and vulnerabilities.
• Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures. Knowledge of incident categories, incident responses, and timelines for responses.
• Knowledge of how a security system should work, including its resilience and dependability capabilities, and how changes in conditions, operations, or the environment will affect these outcomes.
• Knowledge of risk analysis principles and methods.
• Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
• Knowledge of basic system administration, network, and operating system hardening techniques.
• Knowledge of Personally Identifiable Information (PII) and Payment Card Industry (PCI) data security standards.
• Knowledge of conducting Meaningful Use (MU) Assessments Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of risk management processes (e. g., methods for assessing and mitigating risk).
• Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
• Knowledge of cybersecurity principles. Knowledge of cyber threats and vulnerabilities.
• Exceptional verbal and written communication skills.
• Capable of relating compliance, technical and nontechnical information to varied audiences with impact.
• Requires knowledge of regulatory and contractual compliance, including PCI, and HIPAA requirements for information systems, security and privacy.
• Proven ability to establish and maintain effective, respectful, and trusting relationships with individuals at all levels of the organization, external colleagues and vendors representing varying needs, personalities, and styles.
• Healthcare background preferred.