Security Analyst - Expert In Recruitment Solutions
Reston, VA 20191
About the Job
Responsibilities:
- Perform PCI, SOC 2, ISO, and applicable State of Florida cybersecurity controls reviews to ensure that current and new technology infrastructure complies with these standards and the Department's security policies.
- Plan and perform IT security controls effectiveness assessments. Manage remediation efforts for identified gaps, including assessment of new or enhanced controls once implemented.
- Maintain the IT security risk and compliance matrix and perform management reporting, covering IT systems controls and business process risks to meet compliance requirements. Provide risk mitigation strategies.
- Maintain the Third Party Risk Management (TPRM) program and analyze SOC 2 and other reports, including mapping to key IT security and compliance frameworks such as NIST, PCI, and COBIT.
- Manage the IT security vulnerability management program, aligned with PCI and NIST standards.
- Identify and rank the value, sensitivity, and criticality of the operations and assets that could be affected should a threat materialize, in order to determine which operations and assets are the most important.
- For the most critical and sensitive assets and operations, estimate the potential losses or damage that could occur if a threat materializes, including recovery costs.
- Identify cost-effective actions to mitigate and reduce risk. These actions can include implementing new organizational policies and procedures as well as designing technical or physical controls.
- Coordinate, track, and verify remediation of audit findings.
- Document the results and develop a plan of action and milestones for mitigating any identified risk.
- Produce formal audit reports based on ISACA Audit Standards.
- Promote compliance with regulatory requirements (e.g. PCI DSS) and IT best practices.
Qualifications:
- 7-10 years of IT Audit experience (CISA certification preferred)
- 3 years of IT Risk Management lifecycle experience
- 3 years of hands-on technical experience (e.g. developer, system administrator)
- Experience working with NIST 800-30 Risk Assessment Standard
- Extensive experience with IT General Controls evaluation and design
- Advanced skill level in business process mapping and documentation as well as policy and procedure development
- Recent experience in Information Security with up-to-date knowledge of the current threat landscape.
- Solid understanding of PCI DSS standards
- Bachelor's Degree in Computer Science, Information Systems, Business Administration, or other related field and/or equivalent work experience.
- CISA and CISSP certifications (preferred).
Source: Expert In Recruitment Solutions