Senior Security Consultant - Eden Prairie, MN - Georgia IT Inc.
Eden Prairie, MN
About the Job
Job Title : Senior Security Consultant
Location : Eden Prairie, MN
Salary : DOE
Position Type : Fulltime
Interview : Phone
(US Citizens/ GC/GC-EAD/TN/E3/H1B preferred)
C2C available for this job
Job Description
What is the specific title of the position?
Sr. IT Security Consultant - Vendor Information Security Risk Assessment (VISRA)
What Project/Projects will the candidate be working on while on assignment?
Supporting Health Care Company's accelerated approach for assessing high risk critical vendors
Is this person a sole contributor or part of a team?
Part of a team
If so, please describe the team? (Name of team, size of team, etc.)
Reporting to the VISRA Team, the individual will act as a liaison & SME for internal departments & vendors to successfully perform Onsite Risk Assessments in USA. We leverage HITRUST CSF Version 7.0 for our program.
What are the top 5-10 responsibilities for this position? (Please be detailed as to what the candidate is expected to do or complete on a daily basis)
• Perform and manage Onsite Risk Assessments as per process documents
• Ensure vendor compliance with the business agreement, policies, procedures, & regulations, along with the ability to map controls and compliance requirements
• Review vendor supplied policies & procedures, internal/external assessment reports, agreements and provide feedback
• Provision assessment reports and executive summaries with recommendations & direction regarding remediation efforts and disposition of the third party
• Communicate, escalate, and track vendor progress on assessment remediation activities
• Act as a liaison & SME for internal departments & vendors to successfully manage Vendor Risk Assessment
• Understand information security risks that are inherent to a business and articulate those risks in business terms
• Maintain current knowledge of information security topics and their applicability to program requirements
• Engage VRO regarding any delays/deviations during remediation
What software tools/skills are needed to perform these daily responsibilities?
• Advanced-level experience in MS Word, MS Excel, MS PowerPoint, etc.
What skills/attributes are a must have?
• Experience working with senior levels of management
• Good follow-up skills and attention to detail
• Security expertise, including knowledge of different security risk assessment frameworks (NIST/OCTAVE), standards (ISO 27001/HITRUST/ITIL/COBIT), and acts such as HIPAA/GLBA
• Experience in examining the SSAE 16 Audit report
• Knowledge and understanding of different security products (web/email filtering, disk encryption, IDS/IPS, antivirus, DLP, firewall etc.)
• Knowledge of software development methodologies, application security, and OWASP Top 10 guidelines
• Ability to document assessment work papers and prepare assessment reports
• Ability to manage vendor assessment independently with minimal supervision
• Strong Communication and Presentation Skills
What skills/attributes are nice to have?
• Possess good project management skills
Where is the work to be performed? (Please list preferred Health Care Company facility, if other please specify i.e. remote work, rural, etc.)
Source : Georgia IT Inc.