- The candidate will assist with various GRC tasks including client due diligence, security awareness, internal audit remediation, security controls strategies, and third-party/vendor risk management.
- Risk - Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
- Risk - Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the information technology systems.
- Policy/Compliance - Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
- Policy/Compliance - Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Policy/Compliance - Execute the strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors, NIST, SOC2, FedRAMP.
- Policy/Compliance - Documentation review; drafting of policy, procedures and standards, and certification and accreditation documents.
- Familiarity with SOC2 and FedRAMP audit processes is a plus.
- Professional certifications including CISA (Certified Information Systems Auditor) and/or CISSP (Certified Information Systems Security Professional) are a plus.
- 5+ years' experience, preferably in the tech sector.
Data Governance Consultant - San Jose, United States - NR Consulting
Description
Job Title: GRC Consultant
Duration: 12+ Months Contract
Location: San Jose, CA (Day 1 Onsite)
Job Description:
Requirements