Overview
On Site
Full Time
Accepts corp to corp applications
Contract - W2
Contract - Independent
Contract - Long Term
Skills
GRC Analyst
Job Details
Hi Good Morning,
Job: GRC Analyst
Location: Suffolk county, NY
Duration: Long Term
Need's Security Clearance Consultant
Experience 10+ Years
Experience 10+ Years
Job Description-
At the direction of the CIO, CTO, CISO to perform the following activities:
1. When called upon, participate in executive meetings.
2. Verify current Laws and Regulation (Federal, State, County) and all associated compliance requirements for Suffolk County.
3. Review and bolster existing IT Security policy, standards, and procedure development (aligned with industry frameworks (e.g. NIST), including but not limited to the following areas:
1. Enterprise Information and Information Technology Security Policies, Standards and supporting procedures.
2. Incident Management Policy and supporting procedures/testing.
1. Cyber Incident Response Plan
3. System and Application Configuration standards.
1. Server CIS Hardened Builds for Server OS
2. Endpoint CIS Hardened Builds for Endpoint OS
3. Application Secure Coding Standards
4. Disaster Recovery and Business Continuity Policy/Plans/Testing
1. Development of department business impact assessments, risks, contingencies, RTO/RPO
5. Third Party Risk Management
1. Review existing vendor onboarding practices / offboarding practices to align with current industry standards
2. Review existing security addendums
6. Personnel Security
1. Review existing Onboarding practices to align with current industry standards
2. Review existing offboarding practices to align with current industry standards
7. Security Awareness / Policy Acknowledgement
1. Review existing practices to align with current industry standards
4. Enhance current Risk Management and Risk Exception processes and supporting documentation
2. Verify current Laws and Regulation (Federal, State, County) and all associated compliance requirements for Suffolk County.
3. Review and bolster existing IT Security policy, standards, and procedure development (aligned with industry frameworks (e.g. NIST), including but not limited to the following areas:
1. Enterprise Information and Information Technology Security Policies, Standards and supporting procedures.
2. Incident Management Policy and supporting procedures/testing.
1. Cyber Incident Response Plan
3. System and Application Configuration standards.
1. Server CIS Hardened Builds for Server OS
2. Endpoint CIS Hardened Builds for Endpoint OS
3. Application Secure Coding Standards
4. Disaster Recovery and Business Continuity Policy/Plans/Testing
1. Development of department business impact assessments, risks, contingencies, RTO/RPO
5. Third Party Risk Management
1. Review existing vendor onboarding practices / offboarding practices to align with current industry standards
2. Review existing security addendums
6. Personnel Security
1. Review existing Onboarding practices to align with current industry standards
2. Review existing offboarding practices to align with current industry standards
7. Security Awareness / Policy Acknowledgement
1. Review existing practices to align with current industry standards
4. Enhance current Risk Management and Risk Exception processes and supporting documentation
Thank You,
Nitin
Ph:
Email:
;br /> Cystems Logic Inc . (a Sybyte Technologies Inc company)
Soft Logic Inc. (BC, Canada)
US Government Agency Certified: SBE & DBE
Ph:
Email:
;br /> Cystems Logic Inc . (a Sybyte Technologies Inc company)
Soft Logic Inc. (BC, Canada)
US Government Agency Certified: SBE & DBE
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.