GRC Consultant Job Bloomington area,Illinois USA,IT/Tech

Job Description:

Security Compliance

Required to have excellent understanding of the IT Control framework, in particular risk assessment and control selection.

Working experience in any two of the compliance programs (PCI DSS, HIPAA, ISO 27001, SOC2, SOX, NIST, FISMA, COBIT).

Understand the client requirements and ensure the implementation and effectiveness of the required controls.

Lead teams and efforts to ensure effective execution of periodic risk assessments and drive integration of remediation efforts with the risk management process.

Partner with service delivery leadership to both communicate and manage risk in delivery to an acceptable level.

Partner with delivery team to increase the level of awareness of compliance with policy and process.

Lead and perform activities to help measure and monitor compliance with contractual security requirements, company policies and procedures to ensure the account is compliant and audit ready.

Lead different compliance & audit testing programs and support successful completion of various external compliance certification programs and internal compliance assessments.

Proven ability to lead small teams dedicated to the performance of risk management and assessment responsibilities.

Ability to provide effective management of junior employees and develop appropriate guidance on solutions to mitigate risks and enhance system security.

Coordinate with other representatives to build out world-class compliance program components to include processes, procedures, and technologies.

Deep understanding of privacy and business continuity requirements and support R&C Privacy and BCM teams in execution of their respective program.

Demonstrates ability to work in a virtual team with the help of tools and technologies.

Demonstrates ability to handle conflicting situations and should have strong verbal, written communication & analytical skills.

Must have a systematic and pragmatic approach to problem-solving.

Demonstrates good interpersonal skills and high standards of professional behavior in dealings with business customers, colleagues, and staff.

Have a good technical awareness and the aptitude to remain up to date with information security and IT developments.

Ability to communicate Risk to non-IT business owners and support functions such as HR, GWS, Physical Security, Legal, Contracting, and others.

Ability to communicate risk at all levels of management up to and including C-Level executives.

Translate business, industry, and regulatory requirements into information security objectives and associated tactical/strategic information security initiatives.

Certification such as CISA/CISSP/CISM/CRISC/CGEIT/ISO
27001 or any other security-related certifications are preferred.

Primary Skill:

Understanding of Information Security and standards such as ISO
27001, NIST, CIS etc.

Knowledge of regulatory compliance such as SOX, PCI etc.

Knowledge of Risk Management and Control Auditing principles.

Knowledge of Data Privacy requirements.

Technical knowledge of security principles around Network Security, Perimeter Security, Data Security, End User System security etc.

Technical knowledge on Cloud Security, Threat analysis, VA/PT etc.

Excellent communication skills (verbal and written).

Understanding of general IT Control framework.

BCM Concepts.

Secondary Skill:

Analytical skills.

Strategic Thinking.

Ability to build relationships.

Adaptable to new concerns and changing environments.

Required Experience: Minimum of 5-10 years of relevant experience in Information Risk Management/Information Security or auditing.

#J-18808-Ljbffr


Increase/decrease your Search Radius (miles)



Job Posting Language