
Compliance Controls Assessor

  • Location: Lawrenceville, 30046
  • Salary: $55 - $65 / hour
  • Job Type: Contract

Posted about 1 month ago

Location: Lawrenceville, GA
Type: Contract

Our established client is looking for a Compliance Controls Assessor to join their team for a long-term contract opportunity. You will assist the Cybersecurity Team in conducting Security Control Assessments for PCI-DSS, HIPAA, and CJIS, and in working with IT to develop and enhance compliance-related processes.

Your Role:
• Assist the company in maintaining compliance with PCI-DSS, HIPAA, and CJIS
• Conduct Security Control Assessment kickoff and follow-up meetings with key system stakeholders and client senior management
• Assist with translating control deficiencies into action plans and provide recommendations to enhance practices in alignment with risk and compliance frameworks
• Work with various internal teams and business partners to define and prioritize remediation efforts, track remediation activities, and inspect/validate solutions that have been implemented
• Provide recommendations to management on how to improve current processes and better secure their systems
• Support the Information Security Team in understanding and identifying process risks and designing and assessing process controls to mitigate those risks
• Work with control owners to identify key departmental objectives, risks, and controls
• Effectively document business processes and identify process improvement opportunities
• Assess and evaluate the adequacy of security controls for compliance with various regulatory security requirements
• Determine whether existing controls are effective in addressing risk and achieving management's objectives
• Develop critical client deliverables including Security Assessment Plans, Security Requirements Traceability Matrices, and Security Assessment Reports
• Prepare and deliver audit reports that concisely summarize audit results

Is this a fit? (Requirements) 

BA or BS / MA or MS degree in Computer Science/Engineering, Information Security, Information Systems, Auditing, Information Assurance, Intelligence Studies, or Cybersecurity and five (5) years minimum of progressively responsible, professional auditing experience, preferably Big 4 or a mix of external and internal in a large-scale Information Technology environment; or an equivalent combination of education and experience sufficient to successfully perform the essential duties of the job such as those listed above.

Preferred Experience:
• One or more of the following certifications strongly preferred: CIA, CISA, CRISC, CRMA, CFE, or equivalent
• A strong knowledge of risk-based, advanced IT auditing in a dynamic and changing environment, applying appropriate IT control frameworks to evaluate areas of risk
• Minimum 5 years of practical experience directly working with policy and regulatory mandates such as SOC1/SOC2, ISO27001/27002/27031, PCI-DSS, HIPAA, CJIS, and NIST RMF and associated standards such as NIST SP 800-171, SP 800-34, SP 800-53, etc.
• Experience working with other teams to create new processes and procedures to meet security and compliance requirements
• Ability to handle multiple tasks under tight deadlines
• Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change
• Project management process, tools, and techniques
• Knowledge of technology trends and developments
• Must be a critical thinker with strong problem-solving skills
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to interact, communicate, and relate security and risk-related concepts to technical and nontechnical audiences.
• Excellent presentation and facilitation skills

If this sounds like a fit, please apply!