Job Description
This individual contributor role executes and/or assists in the planning and execution of ITRM compliance assessment and consulting projects, as well as driving and coordinating the design and implementation of appropriate controls. Additionally, this role manages medium-size ITRM service delivery and engagements, and components of larger initiatives. This role also develops ITRM processes and/or methodology for designated ITRM initiatives by documenting process and/or methodology requirements and acceptance criteria from process owners and key stakeholders and collects and reports performance metrics using company software/reporting tools.
Essential Responsibilities
- Completes work assignments and supports business-specific projects by applying expertise in subject area; supporting the development of work plans to meet business priorities and deadlines; ensuring team follows all procedures and policies; coordinating and assigning resources to accomplish priorities and deadlines; collaborating cross-functionally to make effective business decisions; solving complex problems; escalating high priority issues or risks, as appropriate; and recognizing and capitalizing on improvement opportunities.
- Practices self-development and promotes learning in others by proactively providing information, resources, advice, and expertise with coworkers and customers; building relationships with cross-functional stakeholders; influencing others through technical explanations and examples; adapting to competing demands and new responsibilities; listening and responding to, seeking, and addressing performance feedback; providing feedback to others and managers; creating and executing plans to capitalize on strengths and develop weaknesses; supporting team collaboration; and adapting to and learning from change, difficulties, and feedback.
- Develops ITRM processes and/or methodology for designated ITRM initiatives by documenting process and/or methodology requirements and acceptance criteria from process owners and key stakeholders; and collecting and reporting performance metrics using company software and reporting tools.
- Executes and/or assists in the planning of ITRM compliance assessments and consulting projects by conducting intake, planning and coordination activities for new or revisions to technology systems or services; and driving and coordinating the design and implementation of appropriate controls through the sustainment phase.
- Manages ITRM service delivery and engagements of medium size or complexity, or components of larger initiatives by managing multiple workstreams, including stakeholder communications and team mentorship; and managing financials for assigned initiatives
Minimum Qualifications
- Bachelor’s Degree in MIS, Information Security, Accounting, Finance, Audit, or related field and Minimum six (6) years experience in IT risk management, compliance, auditing, or information security. Additional equivalent work experience in a directly related field may be substituted for the degree requirement.
Additional Requirements
- Responsible for performing end to end technology risk assessments with an emphasis on HIPAA. Senior Assessors are expected to perform multiple assessments simultaneously and as a result, a typical day would consist of performing multiple phases (scoping, fieldwork, reporting, management response) of different assessments. Ideal candidate experience and qualifications include:
- Experience in controls design and controls assessment
- Experience with risk / control frameworks / standards: NIST SP 800-53, NIST CSF, HITRUST, etc.
- Ability to lead and facilitate end to end risk assessments (Scope, Planning, Kickoff, Fieldwork, Reporting, Management Response)
- Experience assessing cloud technologies
- Technical writing that effectively communicates security and compliance concepts and issues in a manner that is understood by non-technical audiences.
Licenses and Certifications
One or more of the following certifications are preferred but not required
- CISM
- CISA
- CRISC
- CISSP
- CCSP
Preferred Qualifications
- Two (2) years in an informal leadership role working with business or technical teams.
- Two (2) years of work experience in a role requiring interaction with senior leadership (e.g., Director level and above)
- Three (3) years experience writing ITRM documentation and assessment reports.
- One (1) year developing IT compliance frameworks or ITRM methodologies.
- Three (3) years experience working in a large matrixed organization.
- CISSP or comparable certification.
- CISM or comparable certification.
- CISA or comparable certification.
- QSA or ISA certification.
- PMP certification.
- ITIL certification.
- DBMS certification.
- Bachelor’s Degree in MIS, Information Security, Accounting, Finance, Audit, or related field.
- Three (3) years experience working with IT general controls (e.g., IT change management, access controls, security controls, etc.).
- Three (3) years experience working with database and security technologies.
Benefits
- Transportation.
- Life insurance.
- Medical insurance.
- Solidarity association.
- Growth plans.
- Additional days off.
K4