IT Security Risk, and Compliance

Position Title : IT Security Risk, and Compliance

Location : Hartford, CT

Position Type : Hybrid Consultant - Onsite 2 days - Remote 3 days per week.

Duration : 6 months to 1 year consultant

SUMMARY :

Our client is a division of the State of Connecticut. They have asked us to find two consulting Governance Risk and Compliance Information Security Technical Writers to satisfy regulatory compliance requirements and manage risk to an acceptable level. These roles are hands-on and will be responsible for actively managing, monitoring, maintaining, analyzing, developing, implementing, advising and responding to ongoing IT security needs.

The individuals selected for these roles will serve as specialists in evaluating and monitoring IT security risk and assist with developing and maintaining compliance controls in adherence with federal and other government required cyber security frameworks.

These roles will also assist with the continuous assessment of adequacy and effectiveness of IT security controls, provide expertise, development, and support to the risk mitigation plans across the organization collaborating with various functional areas and stakeholders, inclusive of vendors and partners.

RESPONSIBILITIES :

• Develop, monitor, and maintain policies, procedures, system security plans (SSP), and plans of action and milestones (POA&Ms) in adherence with regulatory compliance requirements and audit needs.
• Assist with coordinating and executing IT Security & Compliance assessments and audits against federal cyber security frameworks (IRS Publication 1075, CMS MARS-E, NIST Cybersecurity Framework).
• Manage and monitor remediation plans for compliance and mitigation of risk; perform risk and compliance self-assessments, and engage in and coordinate third-party risk and compliance assessments.
• Facilitate, track, and manage vulnerability remediation based on risk categorization, communicating risk, and reporting on mitigation status.
• Assist with documentation, implementation, deployment, and maintenance of the Governance, Risk and Compliance (GRC) tool which would serve as a source of truth for all internal / external audits as well as a central tracking tool for all the identified gaps.
• Participate in technical vulnerability assessments and security reviews of infrastructure, network, applications, and databases.
• Monitor, analyze, and generate reports on company's security landscape utilizing GRC and other state of the art security and compliance tools.
• Assist with responding to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interact and coordinate with third-party incident responders, including law enforcement.
• Prepare incident response reports that take note of security incidents and action taken to mitigate risk.
• Provide IT security risk expertise to support vendor and project security reviews and initiatives.
• Prepare and work with the different stakeholders to implement business continuity, system-wide disaster recovery and incident response plans.
• Bridge information security requirements with business processes and IT systems and projects.
• Analyze trends, news and changes in threat and compliance environment with respect to organizational risk.
• Analyze and recommend security controls and procedures in business processes related to use of information systems and assets, and monitor for compliance.
• Develop, administer, and provide advice, evaluation, and oversight for information security training and awareness programs.
• Completes other tasks, as assigned.

EXPERIENCE AND SKILLS :

Certified Information Systems Auditor (CISA)

OTHER :

Hallmark and our Client are Affirmative Action, Equal Opportunity Employers. We encourage all qualified people with the current right to work for any employer in the USA to apply.