GRC Security Engineer at Engage Partners, Inc.

GRC Security Engineer

Engage Partners, Inc. Milwaukee, WI Full-Time
*This position is 100% REMOTE!!
Duties:
As a member of the IT Security team, the Governance, Risk and Compliance (GRC) Engineer contributes to a comprehensive information security program. In accordance with industry frameworks (NIST, PCI and HIPAA) and business needs, and to ensure regulatory compliance and operational effectiveness, this position leads and collaborates in the development and operation of our IT GRC capability. It requires an experienced IT GRC professional to lead initiatives associated with tactical risk analysis of operational controls and their effectiveness; develop and apply risk assessment methodologies and processes and generate artifacts; work with control owners and internal service provider(s) to prioritize the validation of control compliance; and facilitate identification and escalation of associated control gaps and their remediation.
1. Plans, implements and maintains the IT security risk management program capabilities and collaborates with Compliance ERM.
2. Provides leadership and supervision over Health IT risk capabilities and compliance activities.
3. Assures assessment process effectiveness measurement and optimization of IT general controls within a complex technical environment.
4. Assists in the creation and maintenance of security risk management standards, processes, procedures and other program documentation.
5. Develops and executes methods to identify and consider relevant internal and external data to enhance objective data-driven risk models.
6. Prepares reports and presentations for diverse audiences with varying business perspectives on cyber security risks and ITGC effectiveness.
7. Supports and administers new Governance, Risk & Compliance (GRC) tools implementation and utilization.
8. Performs program management assessments and evaluations to determine compliance with PCI, HIPAA and IT general controls.
9. Maintains a strong understanding of security frameworks (NIST CSF & NIST SP800-53) and how these frameworks apply to operational activities within the IT environment.
10. Monitors and analyzes security risks and metrics to identify themes, trends, correlations and variances.
11. Communicates risk intelligence in a manner that enables business decision-making.
12. Provides risk management subject matter expertise.
13. Provides leadership (no direct people management) to individual contributors building risk capabilities and build program oversight.
14. Assists with the design and implementation of the IT Security Risk Registry.
15. Assists in the establishment of program plans, procedures, data categorizations, risk rank modeling and other factors to provide a holistic representation of IT security risks that the organization faces.
16. Develops, implements, maintains and oversees enforcement of policies, procedures and associated plans for system security administration and user system access based on industry-standard best practices and internal business forces.
17. Assists in the development and execution of formal control structure and assessment risk methodologies, processes and artifacts.
18. Assists in the development and maintenance of an enterprise security controls framework.
19. Processes, analyzes and tracks risk exception requests.
20. Periodically reviews security controls for effectiveness and design.
21. Maintains an awareness of proposed security standards, state and federal legislation and regulations pertaining to information security.
22. Identifies IT Security requirement changes that will affect the organization’s requirements, legal addendums and risk assessments and recommends appropriate changes.
Skills:
- A minimum of 5 years of experience in a related field. 6 or more years of experience in a related field.
- In-depth knowledge of cybersecurity frameworks including but not limited to NIST CF, HITRUST CSF, ISO 27001.
- Experience leading risk assessment and remediation activities
- Expert knowledge of information security risk management frameworks and compliance practices
- Understanding of common healthcare security regulations (e.g. HIPAA, HITECH, Meaningful Use, PCI DSS, ISO2700x, FDA, etc.)
- Familiarity with security auditing and risk assessment processes
- Skill in documenting risk and compliance activities
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels
- Sound knowledge of business management practices. Knowledge of common security policy taxonomies and how they inform the creation of standards, procedures and guidelines
- Experience responding to, analyzing and communicating information security audits
- Understanding of general security concepts including but not limited to cryptography, DLP, Security Operations Center, Security Managed Services, SIEM, FW Audit, Cloud Security, Mobile Security
- Self-starter who has the ability to work independently with minimal supervision
- Maturity to accept direction, self-confidence to give direction
- Experience in the implementation or usage of ServiceNow IRM / GRC
- Certifications preferred: CISA, CRISC, CGEIT, CRMA, CISSP & PCI-QSA
- Knowledge of embedded operating systems design and implementation desired
Education:
BA in Computer Science or related field is required or equivalent acquired through combination of education and experience.
Required Skills:
AUDIT
AUDITING
AUDITS
BUSINESS MANAGEMENT
CISA
Additional Skills:
CISSP
CRYPTOGRAPHY
CYBER SECURITY
DLP
DOCUMENTATION
DOCUMENTING
ENGINEER
EXCELLENT WRITTEN
EXCELLENT WRITTEN AND VERBAL COMMUNICATION SKILLS
FDA
GOVERNANCE
HIPAA
INFORMATION SECURITY
ISO
ISO 27001
MAINTENANCE
METRICS
MOBILE SECURITY
NIST
OPERATIONS
OPTIMIZATION
PCI
PROGRAM MANAGEMENT
REMEDIATION
RISK ANALYSIS
RISK ASSESSMENT
RISK ASSESSMENTS
RISK MANAGEMENT
SECURITY
SECURITY ADMINISTRATION
SECURITY AUDITS
SELF-STARTER
SIEM
SYSTEM SECURITY
SYSTEMS DESIGN
Minimum Degree Required:
Bachelor's Degree
Certifications & Licenses:
CISA
CISSP
Please forward your resume to [ Email address blocked ] - URL blocked - click to apply for immediate consideration.
 

Recommended Skills

Iso/Iec 27001
Pci Data Security Standards
Information Security
Risk Analysis
Certified In The Governance Of Enterprise It
Cyber Security

Job Snapshot

Employee Type: Full-Time
Location: Milwaukee, WI
Job Type: Other
Experience: Not Specified
Date Posted: 05/10/2021
Job ID: 2b17e1c92563