Information Security, Technology Risk Management - 100% Remote

  • NY-112, Medford, NY, USA
  • Employees can work remotely
  • Full-time

Company Description

VTekis Consulting LLC provides complete solutions for Staff Augmentation, Recruitment Process Outsourcing, Contract Hiring, Direct Hire and Outsourced Solutions. Our goal is to deliver quality professional services to our clients: not just to find someone to do a job, but to match the right professional to your staffing needs, earning confidence through the proper assignment of people. This alignment of people and companies allows us to create opportunity. Most importantly, we don’t consider the process complete until we find the perfect fit.

Job Description

This position is a 100% remote job.

Must Have:

  • 7 to 10+ years of experience in IT Security, Risk & Compliance, or IT Audit. Experience and knowledge of information security concepts / principles and audit / risk assessment methodologies.
  • Bachelor’s Degree in Computer Science, IT, Security, or related field; Master’s degree in related field a plus.
  • CISA, CISM, CISSP, CRISC, PCI-QSA, CGEIT certifications.
  • Must possess excellent oral and written communication skills with the ability to interact and communicate with technical personnel, non-technical personnel, and senior management.
  • The individual must be pro-active, flexible, and able to work independently, adjusting quickly to changing priorities and conditions.

Job Description:

The Manager - Information Security, Technology Risk Management resource will perform security assessments to ensure compliance with internal policies, controls, and standards, as well as client and regulatory security requirements.

These assessments cover technological, operational, and process controls and evaluate both the design and the implementation of security controls.

The individual will be responsible for risk and compliance management, including risk assessments, customer requirements, ISO 27001 requirements, PCI DSS requirements, and other regulatory compliance requirements. Additionally, the individual will be responsible for HIPAA audits, PCI DSS audits, Service Organization Controls (SOC) audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance / regulatory audits, as needed.

This position will be based in the US and will provide support to accounts affiliated with the Houston and Chesapeake sites, as well as work-at-home accounts.

There may occasionally be a need to travel to other locations. The position reports to the Information Security Manager for the Healthcare Vertical in the Americas.

The individual will interface closely with Service Delivery Management, Site Directors, other Information Security resources, and functional heads across Human Resources, Physical Security, Information Technology, and Facilities.

RESPONSIBILITIES:

  • Conduct assessments of information security controls to measure the effectiveness of controls and identify control gaps
  • Identify, assess, and prioritize identified risks
  • Collect evidence and artifacts, and document findings to support conclusions
  • Report on compliance with internal policies, controls, and standards
  • Provide recommendations for remediation of identified deficiencies
  • Track and report on findings/deficiencies to closure
  • Coordinate third-party risk assessments and audits, including HIPAA audits, PCI DSS audits, Service Organization Controls (SOC) audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance / regulatory audits
  • Manage remediation efforts and report on the status of control deficiencies
  • Support information security investigations
  • Support security initiatives and global policy adherence and awareness efforts
  • Ensure that new client engagements adhere to the required information security controls and policies
  • Support global information security metrics and reporting program(s)
  • Provide security expertise to business units and key stakeholders
  • Enforce policy adherence and manage formal policy exception requests
  • Ensure compliance with standards and regulations such as ISO 27001, PCI DSS, and state and national information security laws
  • Identify and document contractual/client information security requirements
  • Respond to information security requests from various internal stakeholders in a timely manner
  • Provide timely updates on assessments and assigned projects
  • Build relationships and partner with business units and IT departments

QUALIFICATIONS:

  • The individual must possess excellent oral and written communication skills with the ability to interact and communicate with technical personnel, non-technical personnel, and senior management.
  • The individual must be pro-active, flexible, and able to work independently, adjusting quickly to changing priorities and conditions.
  • Must demonstrate strong leadership attributes as well as the ability to follow and be a supportive team member.

Education Requirements: Bachelor’s Degree in Computer Science, IT, Security, or related field; Master’s degree in related field a plus.

Experience Requirements: 7 to 10+ years of experience in IT Security, Risk & Compliance, or IT Audit. Experience and knowledge of information security concepts / principles and audit / risk assessment methodologies.

Certification Requirements: CISA, CISM, CISSP, CRISC, PCI-QSA, CGEIT, and/or CIA (IIA) certifications a plus.

Thanks and Regards,

Mohammed Ilyas,

PH - 229-264-4029

Additional Information

All your information will be kept confidential according to EEO guidelines.