Senior Security Risk and Compliance Specialist
Doral, FL | Direct Hire
The Senior Security Risk and Compliance Specialist is a critical member of the Information Security Governance, Risk and Compliance team. The role is responsible for translating industry, government and contractual compliance requirements (SOX, FFIEC, SSAE16, etc.) into IT Security and Risk Management frameworks, policies, standards and best practices.
Note: This is not an auditor or assessor role. The incumbent must demonstrate a good understanding of both the audit process (performing an audit) and the compliance management process (responding to an audit). Incumbents with only audit-level experience will not be considered.
· Responsible for analyzing and implementing risk and compliance management frameworks, policies, standards and best practices in support of the Information Security Governance, Risk Management and Compliance Programs.
· Responsible for assisting in the identification, analysis and assessment of information risk scenarios.
· Provide security expertise and guidance around security issues and recommend solutions to mitigate and eliminate compliance risks to information assets.
· Support technology in the evaluation of risks and controls, particularly when evaluating the risk and controls of high-risk systems and applications.
· Provide education and advisory services to applications/systems/data owners and help them understand control objectives, control design, and how to evaluate control operational effectiveness.
· Assist in the acquisition and vendor compliance assessment, procurement and evaluation of vendors and products.
· Develop and manage third party risk and compliance management process.
· Maintain relationships with internal and external audit and compliance agencies to facilitate execution of audits.
· Assist with remediation efforts and recommendations as it relates to external and internal security audits.
· Review risk and control self-assessment results, and communicate with the application/systems/data owners key concerns and questions.
· Bachelor's degree in Computer Science, Information Systems Security or a related field.
· Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) and Certified Chief Information Security Officer (C|CISO) desired.
· Minimum 4-6 years of experience in a similar role with a proven record of successful development and management of compliance management frameworks in mid- to large-scale enterprise environments.
· Experience developing frameworks and processes to drive a risk-based approach incorporating standard frameworks such as COBIT, ITIL, ISO and NIST into an enterprise compliance management process.
· Experience with policy and control development as it relates to meeting compliance requirements from relevant regulations such as SOX, FFIEC, PCI and others.