GRC Consultant

GRC Consultant

Erlanger, KY( 5 days onsite)

Contract

13+ candidate only

• The Security and Compliance Analyst is responsible to perform the following duties
• Review Projects and their technical design documents for Information security risks and advise on suitable controls and mitigations at early stages of the program
• Fair understanding of Technology Landscape Applications Infrastructure Cloud and review
• Clients information security and related threats and vulnerabilities legal and regulatory
• requirements
• Good Understanding on Security Standards like ISO 270012 SOX ITSOC1 or SOC2
• DevSecOps OWASP top 10 Business Impact analysis ISO 22301 ISO 27005
• Assess and classify all potential business and infrastructure information risks
• Review and advise on information security risks of vendor offerings Newleveraging existing SAAS PAASIAAS services including integration with Client environment
• Conduct risk assessment on Applications Network Systems according to Client policies applicable Standards legal regulatory requirements
• Identify the risks in the Client Projects provide recommendations for remediation of identified risks
• Translate Technical legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provides the respective stakeholders with the IRM requirements and its implementation methodologies
• Identify or design the controls for implementation based on the outcome of Risk Assessment its remediation and residual risk
• Ensure all the controls outlined for an applicationInfrastructure are designed effectively
• Review Vulnerability Assessment and Penetration Test scan results and recommend the risks to be remediated
• Review and approve the control design of supplier and their organization technical specifications against Client security control requirements
• Ensure all the risks are documented classified and tracked with appropriate action as per the IRM standards
• Work with Project Managers Business Analysts Architecture and Support Team to ensure Client Information Risk Management standards are being followed
• Test the control effectiveness post implementation or deployment of controls and technologies

• Conduct Security governance with Client stakeholders
• Technology
• Understanding of Cloud Security SAAS IAAS and PAAS and Onpremise infrastructure
• Understanding of secure application development and support
• Knowledge on Network Security Data Security Practices EndPoint Security Identity and
• Access Management
• Knowledge on Business Continuity Plan and Disaster Recovery
• JD Keywords
• Security Risk Assessment ISO 270012 SOX ITSOC1 or SOC2 DevSecOps OWASP
• top 10 Security Risk Management Business Impact analysis Design Controls Data
• Security Security Policy review Business Continuity Cloud Security Network Security
• Identity and Access Management ISO 22301 ISO 27005 Control testing Control

assessment

Knowledge and skills

• Projects Stake holder Management Governance Management Reporting
• Very good communication skills Agile Project delivery
• Cloud Security controls Data Security SeInfo baselines Privacy requirements
• Relevant experience level
• 4 to 12 or 13 years according to Client Job Grade
• Education Background
• BTech CA MBA MS Info Sec MTech
• Industry Certifications
• ISO 27001 Lead Auditor or Lead Implementor CISA CRISC CISM CISSP

Skills

Mandatory Skills : NIST CSF, NIST 800-53,Security GRC assessment