NCDIT Security Spec Compliance EGRC

Job Posted by Devcare Solutions
in Raleigh, North Carolina

Contact Details

  • Name: Resume Devcare
  • Zip Code: 27601
  • Web site: www.devcare.com

NCDIT Security Spec Compliance EGRC Needed in Raleigh, North Carolina

Job Description

The Specialist will perform compliance assessments of Information Technology security controls and ensure timely reporting of issues and remediation actions.

This position reports to the State Chief Risk Officer (SCRO) and supports the SCRO in ensuring compliance with Federal and State policies at the Department of Information Technology (DIT) State data centers. In conjunction with the Enterprise Security and Risk Management Office (ESRMO), the Specialist will perform compliance assessments of IT security controls and ensure timely reporting of issues and remediation actions. The candidate will be responsible for monitoring and testing the effectiveness of NIST security controls and for compliance with all applicable Federal and State mandates and policies. This position will also be directly responsible for overseeing remediation actions, using the State's Governance, Risk and Compliance (GRC) tool for tracking and reporting. This position must stay abreast of regulatory changes and assess their impact on infrastructure and on security and privacy policies.
Duties and Responsibilities:

  • Identify, aggregate, report and escalate compliance risks, issues and control enhancements
  • Respond to internal and external inquiries for information to clarify regulatory requirements
  • Assist with development of processes to identify, quantify, analyze, and report on State Data Center risk and compliance status
  • Update relevant policies to ensure they reflect regulatory requirements
  • Implement and maintain attestation documentation sufficient to ensure compliance with Federal and State regulatory, legal, and functional policies and procedures
  • Assist in the execution of governance and management routines
  • Contribute to monitoring and testing of security controls, plans and related metrics
  • Configure, operate and maintain the statewide GRC tool
  • Monitor risk mitigation and coordinate policy and controls to ensure that other business units are taking effective remediation steps
  • Apply working knowledge of statistics and statistical techniques in evaluation designs and analysis
  • Supervise projects and give instructions to technical staff and consultants as needed
  • Support key business initiatives by identifying compliance risks and providing resolutions to manage these risks
  • Serve as a resource regarding compliance impact on matters such as agency business risks
  • Lead and review application security risk assessments for new or updated internal or third-party applications
  • Collaborate with a broad group of stakeholders to ensure compliance with State and Federal policies and standards
  • Serve in an advisory role in application development and infrastructure projects to assess security requirements and controls, and ensure that security controls are implemented as planned
  • Participate in other Security and Compliance projects as required
Knowledge, Skills and Abilities / Competencies

  • Education requirement: Bachelor's degree
  • In-depth knowledge of security issues, techniques and implications across all existing computer platforms
  • Ability to gather and analyze information, identify problems and recommend solutions, and interpret laws and regulations as they apply to compliance assessments and technical IT reviews
  • Thorough knowledge of the NIST Risk Management Framework (RMF)
  • Self-starter requiring minimal management supervision
  • Ability to communicate effectively, both verbally and in writing
  • Demonstrated excellent analytical, problem-solving, and quantitative skills; ability to exercise discretion and demonstrate sound judgment in making decisions; ability to weigh security/controls risk against business impact in decision making
  • Ability to work well in a team environment
  • Proficiency in word processing and flow-charting (e.g., Visio) applications; proficiency in using advanced features of spreadsheet applications
  • Working knowledge of SOC 2 internal control reports and FedRAMP
  • Working knowledge of the ISO 27000 series of standards and of PCI, FTI, HIPAA, CJIS and FERPA compliance requirements
  • Ability to travel as needed to perform position responsibilities
  • Ability to maintain confidentiality of materials handled
  • Working experience with GRC tools; IBM OpenPages or RSA Archer preferred

Minimum Education and Experience Requirements

  • 4 years of experience in IT Security, IT Audit or IT Governance, Risk and Compliance
  • IT industry security certification (CISA, CISSP, CRISC or GIAC) or equivalent working experience
Skill                                                                          Required / Desired   Amount of Experience
Enterprise level Governance, Risk, and Compliance (GRC) software platform      Required             5 Years
  administration experience
Enterprise level NIST Risk Management Framework experience                     Required             5 Years
Enterprise level Risk Assessment and RMF Governance experience                 Required             3 Years
Experience in securing HIPAA, IRS, PII, PCI and other Federal data types       Required             3 Years
Enterprise level experience with Security Controls Implementation              Required             3 Years
Experience working with Enterprise Audit and 3rd party assessment teams        Required             3 Years
Enterprise level IBM OpenPages experience                                      Highly desired       3 Years
CISSP or equivalent certification                                              Highly desired
Question 1
Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement?
Question 2
All work must be completed on site. Do you accept this requirement?
Question 3
Please list candidate's email address HERE that will be used when submitting E-RTR.
Question 4
Please indicate how soon this candidate is available to start work. Vendors are encouraged to submit candidates that are available for the duration of the assignment.
Question 5
Vendor must disclose to the agency if the candidate will be subcontracted at the time of submission. Do you accept this requirement?
Question 6
Vendor must notify the agency if any portion of the requirements listed in this task order are to be outsourced to other countries. Do you accept this requirement?
Question 7
Candidates submitted above the rate of $86.03 may not be considered. Do you accept this requirement?
Question 8
Please note that if your candidate is selected for hire, the Iran Divestment Act Certification form must be completed and uploaded to the Compliance tab as part of the onboarding process. This form must be received in a timely manner (expectation: 1 business day). Without this form, the Purchase Order cannot be generated and your candidate cannot begin work. Do you accept this requirement?
Question 9
Fingerprint Background Check: This position requires the selected candidate to undergo a fingerprint-based background check with successful results. Do you accept this requirement?

Skills

N/A

Job Type

N/A

Job Overview

  • Ref Id: 150
  • Date Posted: 05-09-2018
  • Location: Raleigh, North Carolina
  • Duration: 6 Months
  • Experience: 1
  • Pay Rate: N/A
  • Visa Type: Green card, Have H1 Visa, US Citizen
  • Travel Required: 0% - No Travel
  • Telecommute: No