Description:
Strong background in IT Risk, Controls, Internal Audit, Security Policies implementation, assessment and mitigation.
100% Remote
- SME with various IT Risk and Controls frameworks, including IT and Information Security.
- Reviews existing IT Policies and Procedures and performs assessment of gaps in current state.
- Supports development of a roadmap to resolve gaps.
- Performs risk analysis, which also includes risk assessment.
- Provide support to plan, coordinate, and implement the organization's information security.
- Provide support for facilitating and helping agencies identify their current security infrastructure and define future programs, design and implementation of security related to IT systems.
- Provide daily supervision and direction to staff.
- Provide highly technical and specialized guidance, and solutions to complex security problems.
- Perform elaborate analyses and studies, prepare reports and give presentations to upper management.
Qualifications:
- Undergraduate Degree
- Proficiency with MS Office Suite (MS Word, Excel, PowerPoint and Outlook).
- Strong analytical and problem solving skills.
- Superior verbal/written skills and presentation skills and ability to multitask.
- Working knowledge and understanding of business security practices and procedures.
- Knowledge of currently available security tools, such as hardware/software security implementations, and experience in all aspects of security.
1. What are the top 3 priorities you expect this person to accomplish in the first 90 days?
Helps narrow down immediate business pain points and expectations.
Review and inventory all our primary technology policies along with owners, impacted groups, etc.
Create awareness of policies to the right audience.
Begin formulating an assessment of some of the policies to review compliance.
2. Which IT Risk and Controls frameworks are most critical in your environment (e.g., NIST, COBIT, ISO 27001, SOC, ITIL)?
Clarifies the exact frameworks the SME must know deeply.
SME / deep experience in NIST, familiar with the rest.
3. How mature is your current IT risk and controls program, and what gaps have already been identified?
Determines how much foundational work vs. optimization is required.
2-3 out of 5
4. What types of IT policies and procedures will this person be reviewing or developing most frequently?
Identifies where the heaviest workload will be: security, access management, ITGCs, compliance, etc.
Primarily related to Information Security, Data Management, Access Controls, general GRC principles.
5. Can you describe the size and structure of the security and risk team they will be supporting or supervising?
Clarifies leadership responsibilities and team composition.
This contractor would report into the Audit, Risk and Controls organization to enable better preparedness of documenting known risks, policy compliance levels and educating / spreading awareness to the broader tech community.
6. What kinds of security tools and technologies are currently in use, and are there plans to upgrade or replace any of them?
Important to match candidate experience with the technical environment.
Archer and B-wise are used in the environment today, with potential expansion to the ServiceNow GRC module later this year. No specific tech / tool related responsibilities required.
7. What business units or agencies will this person work with most often, and how complex are those environments?
Determines stakeholder engagement and cross-functional communication needs.
Tech, Risk and Controls, Information security
8. How frequently will this role interact with senior leadership, and what types of reports or presentations do you expect from them?
Directly ties to the communication and presentation responsibilities.
Once a month to provide updates on assessments / gaps and report on progress.
9. Do you expect this person to lead projects, create roadmaps, or manage timelines for remediation efforts?
Clarifies project management expectations.
Will need to create a plan for this work and track and report against the plan.
10. What soft skills or personality traits do you believe are essential for success in this role?
Self-driven, confident and ability to interact with senior Directors and VPs.
- Dice Id: 10113058
- Position Id: 31941522
- Posted 5 hours ago