Security Specialist

19 Jan 2024
Los Angeles metro area, California 90013, USA

Vacancy expired!



Security Compliance Specialist

Disney Corp



This person is an extension of another contractor who was tasked to do security assessments and analysis. The work involves standing up a revised program for control assessments, a monitoring program, etc., and we need someone to help with the program. They will be working with a lot of data, translating in our ISPS and making sure we are getting the right type of data that fits the test. We are looking for someone who has previous experience in IT audit and IT compliance and understands basic IT audit processes and procedures. The candidate has the ability to write control tests, understands privacy and regulation (CISA/HIPAA) and has experience with testing controls. They should be able to work with minimal supervision. They will also need experience writing documents that describe processes and reporting.

The primary purpose of this position is to perform security assessments of IT controls. This role will be responsible for executing and managing the workflow of security assessments throughout the enterprise (assessment scoping, evidence collection, reporting, process metrics, and process improvement).

  • Work with GIS Compliance and segments to assess controls as well as identify security gaps.
  • Conduct interviews to clarify processes, understand all technology involved in service delivery and identify control gaps.
  • Obtain and review relevant artifacts to support the assessment of security controls and procedures.
  • Identify and assess IT-related risks and control weaknesses to define appropriate remedies and minimize security threats.
  • Collate conclusions and recommendations. Present assessment findings to management regarding the effectiveness and efficiency of control mechanisms in third-party financial and accounting systems.
  • Manage inventories, scoping, planning, scheduling and execution of assessment, remediation efforts and compensating control creation, focusing on overall status to management.
  • Provide assessment results (findings, impact and recommendations).
  • Stay abreast of compliance and assessment trends within the Company, Legislators, Suppliers and regulatory bodies.
  • Seek to continuously improve efficiencies related to management of service providers.

Basic Qualifications:


  • 4+ years of IT audit, or IT security and/or compliance experience
  • Prior experience working within a global media or entertainment organization, supporting enterprise-level accounting and finance departments
  • CISA
  • Knowledge of laws, regulations, and industry requirements related to Information Security (e.g., GDPR, Payment Card Industry, Domestic and International Privacy regulations).
  • Knowledge and experience with diverse IT architectures and enterprise IT data centers, external hosted services and cloud computing environments used to dispense financial and accounting services.
  • Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines (e.g., COBIT, CIS Baselines, NIST, vendor security technical implementation guides, etc.)
  • Knowledge of US financial regulations and reporting requirements (SOX, SSAE, IAS).


Preferred qualifications:


  • External audit (e.g., Big Four) and/or internal audit (e.g., Fortune 500)
  • 1+ years of program and project management experience
  • 1+ years of experience in third-party risk management or IT vendor management.
  • Experience implementing or assessing the security of IT systems.
  • Experience assessing compliance, design and operational effectiveness of IT security controls in a large international company.
  • Knowledge of Cloud and Perimeter technologies (e.g., routers, firewalls, web proxies and intrusion prevention, etc.) and security tools (e.g., web application scanners, vulnerability scanners, file integrity monitoring, configuration monitoring, etc.).
  • Experience in security audits including but not limited to SSAE16/18, GDPR, PCI, SOX.
  • Experience presenting to and influencing C-level executives on IT security matters.



Beacon Hill is an Equal Opportunity Employer that values the strength diversity brings to the workplace. Individuals with Disabilities and Protected Veterans are encouraged to apply.

Company Profile:

Beacon Hill Technologies, a premier National Information Technology Staffing Group, provides world class technology talent across all industries on a contract, direct (permanent), contract-to-direct and project basis. Beacon Hill Technologies' dedicated team of recruiting and staffing experts consistently delivers quality IT professionals to solve our customers' technical and business needs.

Beacon Hill Technologies covers a broad spectrum of IT positions, including Project Management and Business Analysis, Programming/Development, Database, Infrastructure, Quality Assurance, Production/Support and ERP roles.

Learn more about Beacon Hill Staffing Group and our specialty divisions, Beacon Hill Associates, Beacon Hill Financial, Beacon Hill HR, Beacon Hill Legal, Beacon Hill Life Sciences and Beacon Hill Technologies by visiting www.beaconhillstaffing.com.

We look forward to working with you.

Beacon Hill. Employing the Future
