Sr. GRC InfoSec Specialist - Atlanta, United States - Medasource

Description

Position: Senior Info Security Specialist - GRC

Location: Hybrid - Atlanta

Duration: 4 months

JOB PURPOSE:

Responsible for leading risk assessment initiatives of internal and external applications/solutions to

determine their adherence to Piedmont's Policies, Standards and industry best practices. Leading the

development, implementation and management of all activities related to Piedmont Healthcare System's

Information Security Governance, Risk and Compliance Program. Develops enterprise information

security policies, technical standards, guidelines, and procedures necessary to support information

security in compliance with established company policies, regulatory requirements, and generally

accepted information security controls.

KEY RESPONSIBILITIES:

· Leads the technical enforcement of organizational security policies, through the performance of formal Risk Assessments, department self-audit, internal audit, external audit review, Policy and Governance, and internal Threat Analysis.

· Performs periodic and on-demand system and risk assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance.

· Provides reporting and guidance to leadership on corrective action plans of ongoing/past risk assessments, audit initiatives, or product/process improvements.

· Liaise with other teams and departments to ensure implementation of corrective actions resulting from risk assessments and audit initiatives.

· Provides technical information security consulting services to staff responsible for Piedmont's systems.

· Assist with implementation of counter-measures of mitigating controls.

· Performs detailed analysis of business need, identified IT Security impacts or considerations and translates into secure, viable technical solutions.

· Identifies areas where existing policies and procedures require change and suggests appropriate changes.

· Responsible for information security preparedness, policies, practices, and identifying and mitigating information security risks to applications, systems, infrastructure, and data on behalf of Piedmont's business areas.

KNOWLEDGE, SKILLS, ABILITIES

• Working knowledge of GRC automated tools (e.g. RSAM).

• Proficient in the design and implementation of effective Information Security controls.

• Skill and ability to communicate effectively both verbally and in-writing.

• Skill and ability to handle multiple priorities and deadlines.

• Ability to work as a member of a team.

• Skill and ability in Microsoft Office applications.

• Solid understanding of the Information Security & IT controls, Service Organization Controls (SOC), penetration and risk assessments.

• Demonstrated knowledge of generally known information technology platforms, standards, and software development languages