IT Security Auditor

Overview

Hybrid
$50 - $55
Contract - W2

Skills

Auditing
CISA
CISSP
Continuous Monitoring
Documentation
IT Security
Incident Management
Information Security
Information Technology
Management
Microsoft Exchange
Regulatory Compliance
Reporting
Risk Management
Security Controls
Testing
Workflow

Job Details

SCC - IT Security Auditor 3 - Both WEB AND IN PERSON IVS (768270)

Location: Richmond, VA

Interview mode: Both virtual and In person

Pls note: The manager will conduct first round interviews on TEAMS and then require the TOP candidate in for a follow up IN PERSON (2nd) interview.

SCC s Health Benefit Exchange division is seeking an experienced IT Auditor
ON SITE REQUIRED: Tuesday and Thursday each week

ABOUT THE ROLE

The SCC s Health Benefit Exchange division is seeking an experienced IT auditor to support our transition to a new security standard and strengthen our third-party risk management program. This role will help interpret and implement updated security requirements, conduct audits and assessments of both internal processes and external vendors and partners evaluating controls and recommending improvements.

Responsibilities Include:

Assess current security controls and processes against new CMS, IRS, and SCC security standards.

Identify gaps and recommend remediation steps to achieve and maintain compliance.

Plan, lead, and execute development and updates to policies, procedures, and documentation to reflect requirements.

Design, implement, and train on the process for assessing partners and vendors, ensuring alignment with security standards.

Develop assessment tools, workflows, and scoring model to evaluate and measure the effectiveness and compliance of vendor and partner security controls.

Evaluate the security posture of vendors and partners to ensure information security contractual, information sharing, and data sharing agreement requirements are met.

Test the effectiveness of operational and management controls using interviews, document reviews, and observation.

Analyze, assess, report, and present on audit findings, risk exposure, and recommendations.

Support information security continuous monitoring and incident response programs.

Perform related work as required.

SCC - IT Security Auditor 3 - Both WEB AND IN PERSON IVS! (768270)

Required / Desired Skills

Skill

Required / Desired

Response( Candidate Years of Experience)

Amount

of Experience

Audit and compliance/information security/information technology experience or combination thereof

Required

8

Years

Information Security control audit and assessment experience

Required

4

Years

NIST 800-53 or other security framework

Required

4

Years

Perform testing, analysis, reporting, and develop remediation plans for compliance with operational and management controls

Required

4

Years

Develop and update policies, procedures, and documentation

Required

2

Years

Healthcare, health insurance, or ACA

Desired

2

Years

Industry recognized certification CISA, CIA, GSNA, CISSP, or equivalent

Desired

2

Years

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.