Terrific Contract Opportunity!
Position: IT Governance Risk Compliance
Location: Phoenix, AZ
Term: 6-month contract
Rate: $75/hour, DOE
This individual will be directly responsible for implementing, maintaining and improving policies, procedures and internal controls to ensure compliance with applicable regulatory and legal requirements as well as industry best practices. The IT Governance Risk Compliance (GRC) position will drive risk analysis for internal and external third-party risk assessments by designing controls and implementing industry best-practice processes for the teams and technologies used across the organization, and by formulating and maintaining a risk exception handling and approval process.
The role will work across multiple frameworks and regulatory standards including, but not limited to, ISO 27001, NIST 800-171, NIST 800-53, NIST CSF, GDPR, CJIS and SOX. This individual will liaise with all business groups, including Finance, Legal, Audit, HR and other stakeholders, to implement new solutions and processes as well as to document and remediate outstanding issues. The role will also own the implementation of the GRC system(s) used to further automate the program.
- Recommend programmatic and technical direction and operate with a high degree of independence in matters relating to the investigation, impact and analysis of security incidents, decisions regarding risk, and security measures for computer hardware, applications and networks.
- Operate with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates. Internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for the agency's information and technology systems.
- Lead the system-wide information security compliance program, ensuring that IT activities, processes and procedures meet defined requirements, policies and regulations.
- Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Execute the strategy for handling the increasing number of audits, compliance checks and external assessment processes for internal/external auditors, including MARS-E 2.0, HIPAA, NIST 800-53 and more.
- Work with lines of business, state governing agencies, sister agencies and other entities to complete required agency audits.
- Coordinate and track all information technology and security related audits including scope of audits, parties involved, timelines, auditing agencies and outcomes.
- Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the agency in its best light.
- Provide guidance, evaluation and advocacy on audit responses.
- NIST, SOX, policy creation
- Understanding of qualitative vs. quantitative risk management and inherent vs. residual risk, in order to properly determine, evaluate and report on technology risk levels at the project and enterprise level.
- Understanding of security functions including: Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management. Knowledge of information security risk management frameworks and compliance practices.
- Understanding of common security standards and regulations relating to an IT law enforcement environment (e.g., PCI DSS, NIST 800-53, ISO 2700x, etc.)
- Must be well versed in the laws and guidelines affecting government and law enforcement entities in the following areas: Protected Health Information (PHI), Health Insurance Portability and Accountability Act (HIPAA), Criminal Justice Information Services (CJIS), compliance research, Arizona State regulations.
- Ability to develop security standards and guidelines based on best practices and industry standards.
- 8 years of experience leading a governance, risk and compliance team
- Experience responding to, analyzing and communicating information security incidents
- GRC implementation, processes and practices
- 10 years of experience; ISO 27001 certification implementation a plus
- Experience with GRC tools, technology, and implementation
- Bachelor's degree in Risk / IT