Job Seekers, Please send resumes to resumes@hireitpeople.comShort Description:
Advanced knowledge of security standards and experience performing security audits. Experience in Governance Risk and Compliance (GRC).
Complete Description:
- This is a hands on role working directly with Agencies on completing Risk Assessments and Security Plans. This is not a leadership or strategic role.
- This is not a role to implement a new Security Program (the department has established a Security Program).
Years of Experience:
10 or more years with IT security and audit experience with extensive knowledge of national/international security standards including NIST, PCI, CJIS, CMS, ISO, SOX, HIPAA, HITECH and other regulatory requirements.
Job Description:
Advanced knowledge of security standards and progressive experience performing security audits.
- Assist the Risk and Compliance Director with risk assessment process re-engineering within the LockPath GRC tool
- Assist in establishing efficient processes for Risk Assessment processes within the GRC tool as part of LockPath Reengineering Project(s).
- Perform gap analysis of security requirements implemented within the LockPath GRC tool and risk assessment process according to security statute, regulation, standards and SOM policies
- Cross-map HIPAA, IRS, CMS, PCI and CJIS security requirements to NIST and State of Michigan Baseline controls
- Document LockPath process design including business and security requirements
- Identify and design reports within the LockPath GRC tool and assist the Risk and Compliance Director to establish monitoring program
- Assist with establishing Cyber Security Framework for the State of Michigan.
- Other cyber security related tasks as assigned
- Assist with MICWRAP Risk Assessment volume of work for agencies.
Skill | Required / Desired | Amount | of Experience |
Information Technology Experience | Required | 10 | Years |
IT Security and/or Audit Experience | Required | 10 | Years |
PCI, NIST, FISMA, HIPPA, CJIS, or related experience | Required | 5 | Years |
Experience working in large, complex business and/or IT environments | Required | 10 | Years |
Bachelors or Masters Degree in Computer Science, MIS, Business, Accounting, or Engineering (or related) | Required | 4 | Years |
Technical skills: knowledge and experience in IT security statutes, regulations, and standards, experience in GRC tool(s). | Required | 5 | Years |
CISSP/CISM certification | Highly desired |
Practical experience with a commercial Governance, Risk & Compliance platform | Desired | 3 | Years |
Practical experience working with business and IT stakeholders to complete Risk Assessments | Desired | 3 | Years |
