Complete Description:
The position is responsible for coordinating and responding to information security audits. The position reviews and documents information security processes, identifies non-complaint areas, and drafts supporting documentation (policies and procedures) that meet state and federal security and privacy requirements.
Duties:
• Audits: Oversee information security audit activities. Ensure compliance with federal and state statutory, regulatory, and contractual requirements. Participate in IRS, HIPAA, SSA, State, and other information security audits. Prepare remediation plans and track agency progress in correcting audit findings.
• Coordination: Schedule meetings with management and technical staff to identify business procedures and incorporate security requirements that meet Federal and State requirements.
• Policy Development: Draft IT policies\standard operating procedures and obtain management sign off on.
Experience:
5 to 6 years of relevant experience; preferred education 4 year college degree or equivalent technical study.
Audits: Experience conducting or participating in information security audits.
• Compliance: Experience overseeing compliance with information security standards including NIST SP 800-53, HIPAA, IRS Publication 1075, SSA, PCI-DSS, ISO 27001, or other information security standards.
• Technical Writing: Experience drafting security policies, procedures, remediation plans.
• Certification in one of the following: CISM, CISSP, CRISC, CISA
Skills:
Skill
Required / Desired
Amount
of Experience
Participate in IRS, HIPAA, SSA, State, and other information security audit
Required
8
Years
Experience in preparation and remediation plans and track agency progress in correcting audit findings
Required
8
Years
Experience in developing security policies, procedures and plans
Required
8
Years
Ability to work with staff in determining business requirements, work flows and processes
Required
8
Years
Experience in participating\ conducting information security audits
Required
8
Years
Audits: Oversee audit activities for the Information Technology Enterprise
Required
5
Months
Ensure compliance with applicable federal and state statutory, regulatory, and contractual requirements.
Required
5
Years
Technical Writing: Draft security procedures, policies and plans to meet Federal and State security and business requirements
Required
5
Years
Policy Development: Draft IT policies and standard operating procedures from start to finish
Required
5
Years
Schedule meetings with management and staff on determining business procedures
Required
5
Years
Ability to incorporate security steps, process and procedures to meet Federal and State requirements .
Required
5
Years
Certification in one of the following: CISM, CISSP, CRISC, CISA .
Highly desired