IT Compliance - Boston, United States - Integrated Resources

    Integrated Resources
    Integrated Resources Boston, United States

    3 weeks ago

    Default job background
    Description
    The Specialist will develop, update, and maintain IT compliance documentation based on
    IT compliance standards.

    The individual will conduct regular reviews and assessments to coordinate System (Client) Enterprise Risk Management and Security Assurance for the
    (SAFR) reporting requirements.

    Responsibilities - Perform IT compliance, risk assessment, and mitigation. Provide business and technical expertise for compliance including impact level and vulnerability corrective action recommendations and follow-up. Develop, update, and maintain IT compliance documentation based on IT compliance standards. Conduct regular reviews and assessments to coordinate IT compliance testing and reporting requirements. Analyze IT compliance and risk related policies and standards.


    Principal Accountabilities:

    • Performing activities associated with the client information security framework. This includes assisting business lines completing security control self-assessments, preparing System Security Plan documentation, conducting analysis of security control deficiencies, and monitoring risk management activities. Providing status reports of progress.
    • Optionally and skills dependent, candidate could participate in independent security controls testing activities such as technical scanning or management/operational reviews.
    • Executing continuous monitoring activities, including recurring access reviews, and preparing security-related documentation.
    • Assisting peers within the Information Security function with ad hoc risk assessments, such as software/hardware compliance reviews.

    Knowledge and Experience:

    • Working knowledge of NIST 800 series Special Publications, FISMA, or equivalent IT security programs. Background in information technology, information security, computer science, data analysis or equivalent preferred.
    • Knowledge and experience with risk assessments, security plans, and test and evaluation activities.
    • Ability to recommend corrective action plans.
    • Ability to interpret security policies and standards and understand how they can be best applied within an organization.
    • Good organization skills with the ability to exercise discretion and ingenuity to determine the proper course of action while following established standards.
    • Ability to be innovative with resourcefulness and a strong drive for results.
    • Strong communication skills to support team members within the Information Security function and business lines.
    • Excellent written and verbal communication skills.

    Other:

    • Staff working within the Information Security function are expected to obtain an enhanced clearance (NACI level 2 or equivalent).
    QualsRequirements - Working knowledge of NIST 800 series Special Publications and IT Security Program.

    Knowledge and experience normally acquired through, or equivalent to, the completion of a bachelor's degree and - 5 years of job-related experience.

    Certification in related technical discipline desirable.
    #J-18808-Ljbffr