Job Details

Essential Duties and Responsibilities:
- Responsible for ensuring information security for an assigned area of Business/Project focusing on key areas of risk, as outlined in the Information Security policy, under the direction of the Information Security management team.
- Conduct Information Security risk assessments and compliance evaluations for infrastructure and application assets within required timeframes and to industry standards and regulatory specifications.
- Ensure controls are properly and fully implemented to address identified Information Security risks for assigned area of responsibility.
- Define, create and maintain the documentation for certification and accreditation of each information system in accordance with regulatory requirements.
- Lead and support audits and client reviews of security posture; coordinate the collection, review and submission of Information Security deliverables and track the remediation of audit findings and exceptions.
- Manage expectations with multiple stakeholders on projects and programs in conjunction with the Information Security team.
- Promotion of Information Security awareness through various communication channels within the organization.
- Collaborate with the Information Security team members on process improvements, secure design and recertification of assets.
• Identify potential security control gaps by reviewing evidence provided by stakeholders, system generated reports and/or control implementation statements.
• Perform risk assessments using vulnerability management and application security testing reports.
• Initiate formal security exception process, when required.
• Develop Plan of Action and Milestones (POA&M) as necessary.

Minimum Requirements
- Please refer to the additional information section of the job requisition for this opening to determine clearance eligibility required.
- Bachelor's degree and 7+ years of relevant professional experience required, or equivalent combination of education and experience.
• At least one of the following certifications is REQUIRED: CISSP (preferred), CISA or CISM
• Experience with NIST 800-53 is REQUIRED
• HIPAA experience is required
• Experience with Cloud providers, such as Azure and AWS
• Knowledge of any of the following security frameworks is preferred: IRS 1075, CMS MARS-E/ARC-AMPE, PCI-DS