Overview
Hybrid
$60 - $65
Accepts corp to corp applications
Contract - Independent
Contract - 12 Month(s)
Skills
Auditing
NIST 800-53
CISA
CIA
GSNA
CISSP
Incident Management
Continuous Monitoring
Cloud Computing
Job Details
Job Title: IT Security Auditor
Client: Virginia Information Technology Agency
Location: Richmond, VA
Duration:12 Months
Notes: This is a hybrid role with Tuesday AND Thursday onsite each week and interview will be web and onsite only.
Position overview:
- The SCC s Health Benefit Exchange division is seeking an experienced IT auditor to support our transition to a new security standard and strengthen our third-party risk management program.
- This role will help interpret and implement updated security requirements, conduct audits and assessments of both internal processes and external vendors and partners evaluating controls and recommending improvements.
Job Description:
- Assess current security controls and processes against new CMS, IRS, and SCC security standards.
- Identify gaps and recommend remediation steps to achieve and maintain compliance.
- Plan, lead, and execute development and updates to policies, procedures, and documentation to reflect requirements.
- Design, implement, and train on the process for assessing partners and vendors, ensuring alignment with security standards.
- Develop assessment tools, workflows, and scoring model to evaluate and measure the effectiveness and compliance of vendor and partner security controls.
- Evaluate the security posture of vendors and partners to ensure information security contractual, information sharing, and data sharing agreement requirements are met.
- Test the effectiveness of operational and management controls using interviews, document reviews, and observation.
- Analyze, assess, report, and present on audit findings, risk exposure, and recommendations.
- Support information security continuous monitoring and incident response programs.
- Perform related work as required.
Required Skills:
- Audit and compliance/information security/information technology experience or combination thereof
- Information Security control audit and assessment experience
- NIST 800-53 or other security framework
- Perform testing, analysis, reporting, and develop remediation plans for compliance with operational and management controls
- Develop and update policies, procedures, and documentation
- Healthcare, health insurance, or ACA
- Industry recognized certification CISA, CIA, GSNA, CISSP, or equivalent
About Us:
Since 2000, Tri-Force Consulting Services () has been an MBE/SDB certified IT Consulting firm in the Philadelphia region. Tri-Force specializes in IT staffing, software development (web and mobile apps), systems integration, data analytics, system automation, cybersecurity, and cloud technology solutions for government and commercial clients. Tri-Force works with clients to overcome obstacles such as increasing productivity, increasing efficiencies through automation, and lowering costs. Our clients benefit from our three distinguishing core values: integrity, diligence, and technological excellence.
Tri-Force is a six-time winner among the fastest-growing companies in Philadelphia and a four-time winner on the Inc. 5000 list of the nation's fastest-growing companies.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.