Audit/Compliance Analyst II

Overview

On Site
$25 - $30 per hour
Contract - W2

Skills

Audit/Compliance Analyst II

Job Details



Your role as a Policy and Compliance Coordinator will be to administer information security policy and compliance initiatives using ServiceNow GRC. You will ensure policies are maintained, controls are mapped, and attestations are designed according to compliance standards. You will provide administrative support by implementing procedures and policies in support of compliance auditors. This role will work closely with control and application owners as well as Risk and Audit teams.

What you will be doing
* Coordinate and manage the ServiceNow Policy and Compliance module.
* Collaborate with other departments on policy and compliance initiatives.
* Automate best practices of policy and compliance lifecycles.
* Reduce manual effort with automated control testing.
* Simplify compliance with a "test once, satisfy many" methodology.
* Implement continuous monitoring to identify violations and improve response.
* Create and maintain policy and compliance metrics, communicating them to stakeholders through reports and dashboards.
* Manage short turnarounds and tight deadlines and ensure timely completion.
* Maintain a high level of quality in work and output.
* Create and maintain standard operating procedures and other required documentation.
* Identify and implement improvement opportunities.
* Coordinate information and evidence across the organization.
* Work independently and collaborate closely with team members, application owners, contractors, and business partners.
* Work in a distributed team environment where team members are spread across numerous locations and often communicate virtually.
* Maintain working knowledge of security policies and standards.

What you bring
* Bachelor's degree in Information Technology, Computer Science, or related degree (IT or cybersecurity experience)
* Understanding of cybersecurity risks, controls, and industry standard cybersecurity frameworks (NIST 800-53, NIST CSF, ISO 27001, etc.)
* Capacity to work in a team environment
* Understanding of project management and Software Development Lifecycle.
* Positive attitude, excellent written communication skills

Additional Qualifications:
* 3+ years of IT or cybersecurity experience
* Experience working with Risk, Compliance, and Audit teams.
* Experience with principles of GRC
* Experience with security governance tools - GRC, IRM, UCF
* Project management experience
* Familiarity with HIPAA, Sarbanes-Oxley Act of 2002, NY DFS, NIST 800-53, ServiceNow, SOC1, SOC2
* Commitment to continuous improvement and innovative approaches

About Vaco Technology