Overview
$$60/hr on C2C or $50/hr on W2
Contract - W2
Contract - 11 month(s)
Skills
NIST 800-53
Risk Management
Incident Response
Compliance
Information Security
policy development
procedure documentation
security control assessments
IT auditing
information technology
third-party vendor assessment
operational controls testing
management controls testing
CMS standards
IRS security standards
audit reporting
remediation planning
healthcare compliance
ACA knowledge
CISA
CIA
GSNA
CISSP.
Job Details
Job Title: IT Security Auditor
Location: Richmond, VA (Hybrid)
Onsite Requirement: Tuesdays and Thursdays every week
Interview Format:
1st Round: Microsoft Teams
2nd Round: In-person (mandatory for top candidate) Required/Desired Skills:
Location: Richmond, VA (Hybrid)
Onsite Requirement: Tuesdays and Thursdays every week
Interview Format:
1st Round: Microsoft Teams
2nd Round: In-person (mandatory for top candidate)
Desired Skills:
- Healthcare, health insurance, or ACA background
- Certifications: CISA, CIA, GSNA, CISSP, or equivalent
Job Description:
- Assess current security controls and processes against new CMS, IRS, and SCC security standards.
- Identify gaps and recommend remediation steps to achieve and maintain compliance.
- Plan, lead, and execute development and updates to policies, procedures, and documentation to reflect requirements.
- Design, implement, and train on the process for assessing partners and vendors, ensuring alignment with security standards.
- Develop assessment tools, workflows, and scoring model to evaluate and measure the effectiveness and compliance of vendor and partner security controls.
- Evaluate the security posture of vendors and partners to ensure information security contractual, information sharing, and data sharing agreement requirements are met.
- Test the effectiveness of operational and management controls using interviews, document reviews, and observation.
- Analyze, assess, report, and present on audit findings, risk exposure, and recommendations.
- Support information security continuous monitoring and incident response programs.
- Perform related work as required.
| Skill | Required /Desired | Amount | of Experience |
|---|---|---|---|
| Audit and compliance/information security/information technology experience or combination thereof | Required | 8 | Years |
| Information Security control audit and assessment experience | Required | 4 | Years |
| NIST 800-53 or other security framework | Required | 4 | Years |
| Perform testing, analysis, reporting, and develop remediation plans for compliance with operational and management controls | Required | 4 | Years |
| Develop and update policies, procedures, and documentation | Required | 2 | Years |
| Healthcare, health insurance, or ACA | Desired | 2 | Years |
| Industry recognized certification CISA, CIA, GSNA, CISSP, or equivalent | Desired | 2 | Years |
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.