Fantastic opportunity for a Security Governance Specialist!
Our Chicago-based client is seeking a Security Governance Specialist to develop and evaluate compliance with programs, processes, and procedures to mitigate cybersecurity risk and ensure protection of company information and assets for the External Data Solutions team.
The Security Governance Specialist researches and suggests interpretations of industry and government regulations, standards, and contract requirements for application to assigned area of operations.
This individual will be a key contributor, managing operational activities to reduce risk to our company in close consultation with Information Security and other business partners, and will hold relevant skills including an intermediate working knowledge of business/technology risk leveraging the NIST Cybersecurity Framework and lifecycle (Identify, Protect, Detect, Respond, and Recover).
Please submit your resume with the link to your LinkedIn Profile.
- Lead analysis of business and technical needs for assigned area to create requirements and specifications.
- Develop, communicate, and execute portions of programs and processes that provide guidance and promote cybersecurity risk awareness and management in alignment with operational needs.
- Serve as point of contact for risk remediation issues, manage inquiries from audit and ad hoc information requests, and collaborate with cross-functional teams that act as inputs to and consumers of risk remediation data.
- Track metrics and document / analyze results to provide insight and suggestions for changes and enhancements.
- Review and analyze research, documentation, and guidance from Legal resources of regulatory, contract, and industry requirements for cybersecurity governance to develop and approve potential application. Coordinate and communicate required submissions and documentation.
- Develop and expand knowledge of risk and governance management, information security best practices, and risk assessment methodologies. Demonstrate capability to communicate and explain complex regulatory topics to less-experienced team members.
- Bachelor's Degree or equivalent experience
- 4+ years of IT experience (business/information/security analyst) with at least 1 year experience in a Security domain
- Knowledge of PCI DSS, HIPAA, ISO, NIST, and IT Controls
- Intermediate decision-making skills and ability to escalate when appropriate
- Ability to establish and manage relationships with internal and external partners
- Intermediate time and project management skills including ability to prioritize and organize
- Intermediate knowledge of Microsoft Suite (Word, Excel, PowerPoint)
- Ability to think conceptually, analytically, and creatively
- Perfect oral and written communication skills
- Ability to analyze data and apply it to problem resolution