3-month contract to hire
Key knowledge, skills, & abilities
- Solid understanding of information security policies, standards, industry best practices, and frameworks; ability to quickly understand and apply policies and procedures
- Ability to perform control reviews on systems development, operation, programming, control, and security procedures and standards and review a range of applications and computer systems
- Ability to research and interpret regulations and laws and disseminate information
- Ability to multitask, organize and prioritize work to meet deadlines
- Working knowledge in IT security technologies (e.g. infrastructure security, identity & access management), information system infrastructures, applications (web servers, messaging, DNS, proxy, firewall, etc.), operating systems (Windows, Linux, Unix)
- Experience with Information Security, Privacy, IT Audit, Compliance & IT Management Standards: NIST CSF, SSAE-16 SOC1 & SOC2, ISO27000, PCI-DSS, COBIT, & COSO
- Knowledge of auditing concepts and principles; federal, state, and local laws, regulations, and standards
% Time | Frequency | Duties/Activities
35% | Daily, weekly | Auditor:
- Assess IT and business processes against standards and internal controls through interviews, reviews of documentation, inspection of systems, and observation of processes
- Conduct auditing activities on state laws and regulations.
- Conduct auditing activities on company systems, networks, and infrastructures; coordinate and monitor third party auditors for audit activities.
- Identify gaps, risks and process deficiencies of business and IT solutions and/or processes
- Document the results of audits/assessments according to procedures and department standards as part of the audit process; Develop recommendations to address process gaps or improve processes
- Coordinate and conduct various audit activities with external and internal auditors and vendors
- Collect, track, and document audit gaps and manage follow up statuses for monthly audit gaps log/reporting
- Assist with the risk assessment exercise activities by maintaining and documenting known risks from IT and business to be monitored for mitigation and remediation strategies by compliance
- Stay current and bring awareness of any changes to federal, state, and local law requirements
- Coordinate, complete, maintain follow up responses, provide status updates, and track all member questionnaires; log and distribute to the appropriate department contacts for questionnaire input (Questionnaires)
- Liaise and assist external auditors as required (Questionnaires)
- Maintain and manage a master questionnaire matrix (Questionnaires)
- Develop and maintain an appropriate level of understanding of current technologies, regulatory requirements and IT best practices to help in the completion of assignments
- Work in a team environment providing administrative support by maintaining compliance procedures, policies, and materials; coordinate schedules, support training initiatives, complete projects in support of the compliance program, and track expenses
- Support organizational audit efforts, as assigned
35% | Daily, weekly | Reporting:
- Collect, evaluate, and maintain data to ensure that required management reporting is completed as needed
- Prepare and submit reports on the results of audits/assessments. These reports should be clear, concise and insightful to provide IT and the business practical solutions
- Compile data of program effectiveness, such as program surveys and program audit result dashboard reporting
- Maintain close communication with Compliance Manager about status, progress toward deadlines and goals and all compliance initiatives
10% | Occasionally (ad hoc, as needed) | Vendor Management:
- Respond to compliance queries from third parties, members, or external auditors as needed (example: Member Security Questionnaires prior to Information Security Review)
- Prepare, conduct and report on all third party internal compliance questionnaire reviews
- Assist with legal contract due diligence for Master Service Agreements, third party assurance and audit due diligence
- Analyze and classify information from third party supplier/vendors and monitor remediation activities to ensure they are adhered to according to AF standards and internal policies and procedures
If you would be interested in learning more about this opportunity please contact Crystal Min at 813.437.6929 or via email at firstname.lastname@example.org. Call as soon as possible; interviews are being scheduled as soon as this afternoon!
The Frank Recruitment Group is an award winning, multi-brand specialist global recruitment firm. From our hub offices in the UK, USA, Asia and Australia, we deliver permanent and freelance niche technology experts to vendor channel partners, SME and Enterprise organizations across the globe.
I understand the need for discretion and would welcome the opportunity to speak to any IT candidates that are considering a new career or job either now or in the future. Confidentiality is of course guaranteed. For information on the IT market and some of the opportunities that are available I can be contacted. Please see www.frankgroup.com for more fantastic Tech opportunities!