Duration: 12+ months
Compensation: Up to $85/hr
Location: 100% REMOTE (EST preferred)
Responsibilities:
- Developing, implementing and managing IT compliance program.
- Maintaining and managing security documentation.
- Assessing compliance against NIST 800-171, CMMC, CIS, and ISO controls, drawing on prior knowledge and experience.
- Staying abreast of related federal regulatory compliance laws, mandates, and other requirements.
- Monitor third-party risk assessments and assist in performing internal risk assessments.
- Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
- Planning, implementing and overseeing risk-related programs.
- Creating and coordinating proper reporting channels for compliance issues.
- Establish, implement, and maintain the organization's Information Systems Continuous Monitoring program.
- Develop organizational program guidance (i.e., policies/procedures) for continuous monitoring of the security program and information systems.
- Consolidate and analyze POA&Ms to determine organizational security weaknesses and deficiencies.
Experience/Knowledge:
- Experience managing compliance activities
- Knowledge and understanding of ISO, FISMA, NIST and SOC-2 information security standards
- Working knowledge of common IT security-related regulations and/or standards such as Sarbanes-Oxley and ISO highly desired
- Experience conducting security control assessments or audits
- Experience developing or managing a security awareness program
- SOC-2 audit experience from a major professional services firm highly desired
- At least one industry certification (e.g. CISA, CISM, CRISC, CISSP, ISAAP) highly desired
- Ability to maintain security documentation and manuals