IT Security Auditor

DataStaff, Inc. is seeking an IT Security Auditor for a long-term contract opportunity with one of our direct clients in Richmond, VA.

*This position is hybrid; 2 days per week will be onsite
Responsibilities:

• Support the transition to a new security standard and strengthen our third-party risk management program.
• Help interpret and implement updated security requirements, conduct audits and assessments of both internal processes and external vendors and partners evaluating controls and recommending improvements.

• Assess current security controls and processes against new CMS, IRS, and security standards.
• Identify gaps and recommend remediation steps to achieve and maintain compliance.
• Plan, lead, and execute development and updates to policies, procedures, and documentation to reflect requirements.
• Design, implement, and train on the process for assessing partners and vendors, ensuring alignment with security standards.
• Develop assessment tools, workflows, and scoring model to evaluate and measure the effectiveness and compliance of vendor and partner security controls.
• Evaluate the security posture of vendors and partners to ensure information security contractual, information sharing, and data sharing agreement requirements are met.
• Test the effectiveness of operational and management controls using interviews, document reviews, and observation.
• Analyze, assess, report, and present on audit findings, risk exposure, and recommendations.
• Support information security continuous monitoring and incident response programs.
• Perform related work as required.

Required Skills:

• 8 Years - Audit and compliance/information security/information technology experience or combination thereof
• 4 Years - Information Security control audit and assessment experience
• 4 Years - NIST 800-53 or other security framework
• 4 Years - Perform testing, analysis, reporting, and develop remediation plans for compliance with operational and management controls
• 2 Years - Develop and update policies, procedures, and documentation

Desired Skills:

• 2 Years - Healthcare, health insurance, or ACA
• 2 Years - Industry recognized certification CISA, CIA, GSNA, CISSP, or equivalent

This opportunity is available on a corp-to-corp basis or as a W2 position with a competitive benefits package. DataStaff, Inc. offers medical, dental, and vision coverage options as well as paid vacation, sick, and holiday leave. As many of our opportunities are long-term, we also have a 401k program available for employees after 6 months.