Terrific Contract Opportunity!
Position: IT Risk Manager
Location: Richmond, VA 23219
Term: 6 Months
- Work directly with the CISO and the Agency information security team to perform, support and manage ongoing Risk assessments, Business Impact Analysis, governance and System Security Plan reviews and updates.
- Must be able to work independently on multiple tasks performing complex analysis of risk/governance data.
- Generate final work products using information from agency personnel, eGRCS (Archer), and security architects; this work must be performed within the Agency environment.
- Development of risk assessments / system security plans and analysis of governance data will be a primary function. In addition, the role will require partnership and interaction with the VITA and internal information technology personnel.
- Perform and document business impact analyses, risk assessments, risk exceptions, risk treatment plans, and plans of action and milestones (POAMs); review and assess SOC2 reports; work with the client team.
- Development of security documentation such as System Security Plans from artifacts and assessments provided by third parties.
Is this a good fit? (Requirements):
- 10+ years of experience and knowledge in IT security governance/compliance and risk management.
- 8+ years of experience specifically with Commonwealth ITRM security standards, policies (ITRM SEC501, SEC525, NIST 800-53, HIPAA), procedures, and controls.
- 10+ years of working experience using analytical tools, developing spreadsheets, documentation, and security reports.
Even better if you have:
- Certified Systems Information Auditor (CISA) or Certified Information Risk and Controls (CRISC).
- Archer GRC Tool and COV Sec 501 and COV Sec 525 experience.
If this sounds like the perfect fit, apply today!