Consults with information systems owners to categorize systems; select, implement and assess controls; and frame, assess and monitor risk.
Essential Job Responsibilities (include but are not limited to the following):
Utilizes automated Governance, Risk and Compliance (GRC) tools to track artifacts of the risk management lifecycle.
Maintains risk management documentation to monitor lifecycle progress, track acceptance decisions and catalog remediation actions.
Responsible for information security preparedness, policies and practices, and for identifying and mitigating information security risks to applications, systems, infrastructure, and data.
Enforces information security policies and procedures by administering and monitoring security reports; reviews SAFR documentation; and investigates possible security exceptions.
Assists in department self-audit, internal audit, external audit reviews, and risk assessments for the department and for end user departments.
Participates in IT security assessments of suppliers (third-party vendors and cloud services) and develops recommendations to improve security and mitigate security risks.
Delivers information risk management services, including risk assessments for new and existing Information Technology (IT) automation products and projects.
Defines and maintains information security non-compliance (exception) review and approval processes; provides recommendations on information security non-compliance situations.
Assists in the execution of SOX (COSO) compliance activities by testing, collecting, and reporting results to management.
Bachelor’s Degree in Computer Science, Information Systems, or other related field, or equivalent combination of work experience and education.
5 or more years of IT and business/industry work experience encompassing project management, information security, risk management and compliance.
Industry recognized certifications within the domain of information security, information technology and project management (e.g., CISSP, GIAC, CISM, CISA, PMP, etc.) considered a plus and recognized as an indication of work experience.
Working knowledge of applying risk management frameworks such as NIST and FISMA
Knowledge of regulatory compliance initiatives related to Sarbanes Oxley/SOX (COSO control framework)
Working knowledge of GRC automated tools (e.g. RSAM)
Demonstrates knowledge of the Fifth District and National Product Office’s businesses and applies this knowledge to initiatives in assigned areas of responsibility (e.g. COSO/FISMA/SAFR/NIST)
Intermediate knowledge of risk management policies, initiatives, and procedures
Knowledge of information security fundamentals, and information security policies and procedures
Experience working with internal and external auditors
Excellent oral and written communication skills, as well as the ability to convey technical and security related issues to business audience
Proficient in the design and implementation of effective IS controls
Evidence of ability to create new processes to improve security and compliance with minimal oversight
University - Bachelor's Degree/3-4 Year Degree