Position: Cyber Security Controls Assessor
Location: San Francisco, CA
Duration: 12 month+ contract
Certified in Risk and Information Systems Control (CRISC) certification
Certified Information Systems Auditor (CISA) certification
Utility industry experience, 1 yr
Experience in Information Technology (IT) risk management, IT compliance, IT Audit, IT security
Experience in project management, job-related
Leadership experience, job-related
• Support the Third Party Security and Risk Management Program cycle by overseeing/tracking remediation of deficiencies, Management Action Plans, and Risk Acceptance Requests, and by reporting the status of remediation efforts.
• Perform retesting of vendors' security controls that have been remediated or updated as a result of previously identified deficiencies.
• Obtain, review, and interpret evidence provided to validate controls are performed effectively.
• Prepare, plan, conduct, and report remediation assessments in accordance with industry best practices and established client standards.
• Obtain, review, and interpret organizational IT policies, standards and procedures to identify control points that would assist in mitigating risk to the business.
• Prepare routine reporting to management and escalate concerns in a timely fashion.
• Review test results or interpret evidence for vulnerabilities, gaps, or control deficiencies; work with stakeholders to establish plans for sustainable resolution.
• Liaise with Managers and Individual Contributors on Vendors' Security and Risk Compliance Assessment topics.
• Partner with Line of Business contacts and contract owners to ensure deficiency mitigation and documentation are updated periodically to reflect vendors' security posture.
• Perform other tasks as necessary to ensure the Third Party Security Review Team meets its commitments to customers.
• Support the Third Party Security & Risk Manager in preparing materials for monthly, quarterly, and annual vendors' security compliance reviews, and as needed.