11647904 -GRC Security Engineer - FCH | Jobs with Virtelligence

Status: Accepting Candidate

Location: Wisconsin, United States

Zack Wilson is recruiting this position.


Job Description

As a member of the IT Security team, the Governance, Risk and Compliance (GRC) Engineer contributes to a comprehensive information security program. In accordance with industry frameworks (NIST, PCI and HIPAA) and business needs, and to ensure regulatory compliance and operational effectiveness, this position leads and collaborates in the development and operation of Froedtert's IT GRC capability. It requires an experienced IT GRC professional who leads initiatives associated with tactical risk analysis of operational controls and their effectiveness; develops and applies risk assessment methodologies and processes and generates the resulting artifacts; works with control owners and internal service provider(s) to prioritize the validation of control compliance; and facilitates the identification and escalation of associated control gaps and their remediation.

1. Plans, implements and maintains the IT security risk management program capabilities and collaborates with Compliance and ERM.
2. Provides leadership and supervision over Froedtert Health IT risk capabilities and compliance activities.
3. Assures assessment process effectiveness, measurement and optimization of IT general controls within a complex technical environment.
4. Assists in the creation and maintenance of security risk management standards, processes, procedures and other program documentation.
5. Develops and executes methods to identify and consider relevant internal and external data to enhance objective, data-driven risk models.
6. Prepares reports and presentations on cyber security risks and ITGC effectiveness for diverse audiences with varying business perspectives.
7. Supports and administers the implementation and utilization of new Governance, Risk & Compliance (GRC) tools.
8. Performs program management assessments and evaluations to determine compliance with PCI, HIPAA and IT general controls.
9. Maintains a strong understanding of security frameworks (NIST CSF & NIST SP 800-53) and how these frameworks apply to operational activities within the IT environment.
10. Monitors and analyzes security risks and metrics to identify themes, trends, correlations and variances.
11. Communicates risk intelligence in a manner that enables business decision-making.
12. Provides risk management subject matter expertise.
13. Provides leadership (no direct people management) to individual contributors building risk capabilities and program oversight.
14. Assists with the design and implementation of the IT Security Risk Registry.
15. Assists in the establishment of program plans, procedures, data categorizations, risk rank modeling and other factors to provide a holistic representation of the IT security risks that Froedtert Health faces.
16. Develops, implements, maintains and oversees enforcement of policies, procedures and associated plans for system security administration and user system access, based on industry-standard best practices and internal business forces.
17. Assists in the development and execution of a formal control structure and of risk assessment methodologies, processes and artifacts.
18. Assists in the development and maintenance of an enterprise security controls framework.
19. Processes, analyzes and tracks risk exception requests.
20. Periodically reviews security controls for effectiveness and design.
21. Maintains an awareness of proposed security standards and of state and federal legislation and regulations pertaining to information security.
22. Identifies IT Security requirement changes that will affect the organization's requirements, legal addendums and risk assessments, and recommends appropriate changes.

Skills:

A minimum of 5 years of experience in a related field.
6 or more years of experience in a related field.
In-depth knowledge of cybersecurity frameworks, including but not limited to NIST CF, HITRUST CSF and ISO 27001.
Experience leading risk assessment and remediation activities.
Expert knowledge of information security risk management frameworks and compliance practices.
Understanding of common healthcare security regulations (e.g. HIPAA, HITECH, Meaningful Use, PCI DSS, ISO 2700x, FDA, etc.).
Familiarity with security auditing and risk assessment processes.
Skill in documenting risk and compliance activities.
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards, as well as risk-related concepts, to technical and nontechnical audiences at various hierarchical levels.
Sound knowledge of business management practices.
Knowledge of common security policy taxonomies and how they inform the creation of standards, procedures and guidelines.
Experience responding to, analyzing and communicating information security audits.
Understanding of general security concepts, including but not limited to cryptography, DLP, Security Operations Center, Security Managed Services, SIEM, firewall audit, cloud security and mobile security.
Self-starter who has the ability to work independently with minimal supervision.
Maturity to accept direction; self-confidence to give direction.
Experience in the implementation or usage of ServiceNow IRM / GRC.
Certifications preferred: CISA, CRISC, CGEIT, CRMA, CISSP & PCI-QSA.
Knowledge of embedded operating systems design and implementation desired.

Education:

BA in Computer Science or a related field is required, or the equivalent acquired through a combination of education and experience.

Languages: English (Read, Write, Speak)

Certifications & Licenses: CISA, CISSP

Skills and Experience

Skills:

Required

  • AUDIT
  • AUDITING
  • AUDITS
  • BUSINESS MANAGEMENT
  • CISA

Additional

  • CISSP
  • CRYPTOGRAPHY
  • CYBER SECURITY
  • DLP
  • DOCUMENTATION
  • DOCUMENTING
  • ENGINEER
  • EXCELLENT WRITTEN
  • EXCELLENT WRITTEN AND VERBAL COMMUNICATION SKILLS
  • FDA
  • GOVERNANCE
  • HIPAA
  • INFORMATION SECURITY
  • ISO
  • ISO 27001
  • MAINTENANCE
  • METRICS
  • MOBILE SECURITY
  • NIST
  • OPERATIONS
  • OPTIMIZATION
  • PCI
  • PROGRAM MANAGEMENT
  • REMEDIATION
  • RISK ANALYSIS
  • RISK ASSESSMENT
  • RISK ASSESSMENTS
  • RISK MANAGEMENT
  • SECURITY
  • SECURITY ADMINISTRATION
  • SECURITY AUDITS
  • SELF-STARTER
  • SIEM
  • SYSTEM SECURITY
  • SYSTEMS DESIGN
Minimum Degree Required: Bachelor's Degree
Skills (years of experience):

  • CISA: 5 years
  • Business Management: 5 years
  • Auditing: 5 years
  • Audit: 5 years
  • Audits: 0