Location
Rockville, MD, United States
Posted on
Feb 24, 2022
Profile
Description
This position is responsible for design, implementation, and ongoing maintenance of the IT Compliance Program.
This includes both internal controls definition, interpretation, and adherence efforts as well as supporting our customer's information security requirements.
The successful candidate will also be responsible for helping keep the compliance program current with all applicable US and international IT regulations and guidelines and advising leadership on IT compliance matters.
IT Controls Development
o
Lead in the development of IT controls using best practice frameworks.
o
Evaluate the effectiveness and applicability of IT controls
o
Drive the adherence of IT controls and best practices.
o
Keeping current on cyber best practices, strategies, and concepts.
o
Holding technical teams accountable for security and compliance deliverables.
Compliance Reporting
Conduct compliance reviews and assessments.
Craft reports and dashboards which show the current compliance condition and track relevant goals.
Continually evaluate and baseline internal information security practices against nationally and internationally recognized frameworks.
Support the Cybersecurity maturity program through tracking milestones and, programs, and initiatives.
Work with Quality, Regulatory Affairs, and auditors to provide needed data or materials in the support of audits.
Assist in the delivery of Third Party Risk Management (TPRM) attestations to customers.
Enterprise Compliance Maintenance
Serves as the FedRAMP Program Manager
Work with various IT groups to ensure that IT systems adhere to corporate standards
Interact with various technology teams to confirm findings and mitigation.
Assist in the execution of the Vulnerability Management Program
Support IT Risk, Security, and Compliance certifications activities.
Bachelor's degree in a related field
Minimum of five years of experience in managing complex IT compliance requirements.
Experience with Information Technology and Information Security Concepts
Experience in both U.S. and international data protection and privacy regulatory requirements, such as GDPR, CCPA, etc. (strongly preferred)
Experience managing a FedRAMP program including developing the support deliverables for reauthorization as well as the monthly continuous monitoring standards and criteria.
Experience as an auditor for a complex compliance regime such as ISO 27000, NIST 800-53, NIST 800-171, etc.
Experience leading, managing, and mentoring individuals including direct reports, matrixed reports, and project assigned staff.
The following audit or compliance certifications are preferred, but not required;
CISA - Certified Information System Auditor
CRISC - Certified in Risk and Information Systems Controls
SSCP - Systems Security Certified Professional
CSA CCSK - Certificate of Cloud Security Knowledge
CSA CCAK - Certificate of Cloud Auditing Knowledge
Strong problem solving, decision-making, reporting, communication and management skills.
Strong organization, analytical and project management skills.
Strong planning, implementation and negotiation skills.
Effective interpersonal communication skills.
Proficient computer skills, especially Microsoft Office applications.
Ability to multi-task and track many simultaneous initiatives.
Communication and Technical writing skills.
Must work effectively with a team and individually
Ability to evaluate regulatory documents and determine appropriate action
Strong understanding of risk management concepts and the ability to apply them to a business environment.
Familiarity with compliance certification regimes such as SOC 2, ISO 27001, and PCI. (Preferred)
Understanding of the compliance inner workings and challenges of Amazon Web Services (AWS (Preferred)
Expert level understanding of the following IT Compliance frameworks and regulations and how they apply in the commercial environment;
ISO 27000 (27001 and 27017)
Nist 800-53 or NIST 800-171
FedRAMP
SOC 2 (Preferred)
GDPR or CCPA
(Preferred)
HIPAA
or HiTrust (Preferred)
21 CFR Part 11 (Preferred)
This position requires the ability to work standing up in data centers, data closets and other secure environments, along with the ability to lift moderately heavy equipment when required.
Office based with some travel between office sites.
**MEMBERS ONLY**SIGN UP NOW***.. provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. ****
Company info
Sign Up Now - ComplianceCrossing.com