IT Security Auditor

Overview

On Site
USD 1-1
Full Time
Part Time
Accepts corp to corp applications
Contract - W2
Contract - Independent

Skills

IT Auditor
Information Security Auditor
Security Compliance
Audit and Compliance
Information Technology Audit
NIST 800-53
Security Frameworks
CMS Security Standards
IRS Security Requirements
SCC Compliance
Policy Development
Procedure Documentation
Risk Assessment
Risk Management
Third-Party Risk Management
Vendor Risk Assessment
Security Controls
Operational Controls Testing
Management Controls Testing
Audit Reporting
Remediation Planning
Security Assessments
Incident Response
Continuous Monitoring
Document Review
Interview-Based Audit
Data Sharing Agreements
Security Posture Evaluation
Scoring Models
Compliance Evaluation
CISA
CIA
GSNA
CISSP
Cybersecurity Audit
Health Insurance Audit
ACA Compliance
Healthcare IT Security
Security Governance
Onsite Requirement
Government IT Audit
Virginia SCC
Teams Interview
In-Person Interview
Audit Tools
Compliance Testing
Contract IT Audit Role
Hybrid Work
State Government Compliance.

Job Details

Short Description

SCC's Health Benefit Exchange division is seeking an experienced IT Auditor

ON SITE REQUIRED: Tuesday AND Thursday each week

Parking not provided for contractors

Complete Description

Pls note: The manager will conduct first round interviews on TEAMS and then require the TOP candidate in for a follow up IN PERSON (2nd) interview.

SCC's Health Benefit Exchange division is seeking an experienced IT Auditor

ON SITE REQUIRED: Tuesday and Thursday each week

Parking not provided for contractors





ABOUT THE ROLE



The SCC's Health Benefit Exchange division is seeking an experienced IT auditor to support our transition to a new security standard and strengthen our third-party risk management program. This role will help interpret and implement updated security requirements, conduct audits and assessments of both internal processes and external vendors and partners evaluating controls and recommending improvements.


Responsibilities Include:

  • Assess current security controls and processes against new CMS, IRS, and SCC security standards.


  • Identify gaps and recommend remediation steps to achieve and maintain compliance.


  • Plan, lead, and execute development and updates to policies, procedures, and documentation to reflect requirements.


  • Design, implement, and train on the process for assessing partners and vendors, ensuring alignment with security standards.


  • Develop assessment tools, workflows, and scoring model to evaluate and measure the effectiveness and compliance of vendor and partner security controls.


  • Evaluate the security posture of vendors and partners to ensure information security contractual, information sharing, and data sharing agreement requirements are met.


  • Test the effectiveness of operational and management controls using interviews, document reviews, and observation.


  • Analyze, assess, report, and present on audit findings, risk exposure, and recommendations.


  • Support information security continuous monitoring and incident response programs.


  • Perform related work as required.



Required/Desired Skills

Skill Required/Desired Amount of Experience
Audit and compliance/information security/information technology experience or combination thereof Required 8 Years
Information Security control audit and assessment experience Required 4 Years
NIST 800-53 or other security framework Required 4 Years
Perform testing, analysis, reporting, and develop remediation plans for compliance with operational and management controls Required 4 Years
Develop and update policies, procedures, and documentation Required 2 Years
Healthcare, health insurance, or ACA Desired 2 Years
Industry recognized certification CISA, CIA, GSNA, CISSP, or equivalent Desired 2 Years
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

About OP Consulting Group LLC