IT Cyber Security Risk Management

ALTA IT Services is staffing a contract opportunity for an IT Cyber Security Risk Management to join a leading health insurance customer. IT Cyber Security Risk ManagementWashington, DC (Currently 100% COVID Remote)6-Month Contract Job Description:

• Position is in the clients Cybersecurity Risk Management Department.
• Position requires 5-8 years’ experience.
• Knowledge of several of the following frameworks/regulations: NIST Special Publication 800-53 Rev. 4 /5 ”Security and Privacy Controls for Information Systems and Organizations”, the HIPAA Security and Privacy Final Rule (45 CFR Part 164), NIST 800-171 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”, NIST CSF, NIST RMF, FedRAMP, HITRUST, CIS benchmarks, CIS Top 20, Cloud Controls Matrix (CCM), COBIT, CMMC, ISO 27001.
• Experience in conducting security and privacy risk assessments, completing risk exception and acceptance requests using SIG, SOC2 Type 2, and other security attestation documents.
• Skilled at working with a variety of stakeholders (internal and external to the organization) to understand and assess cybersecurity strengths, weaknesses, and gaps in adherence to controls with the ability to develop solutions and documentation to address identified security coverage gaps.
• Cyber security business and systems subject matter expertise – especially in Application security, Data Security, Data Governance, and Network Security domains.
• Experienced with responding to internal and external audit requests, working with, and communicating to auditors and assessors, understanding the extent of appropriate evidence needed to satisfy audit and assessment requests.
• Experience with working with enterprise or cybersecurity specific risk registers.
• Experience with GRC (Governance, Risk, and Compliance) systems or IRM (Information Risk Management) systems.
• Excellent written skills to be used in the development, review, and refinement of cybersecurity standards, SOPs, and policy with communication skills (verbal and written) to communicate to all levels of the organization.
• Proven experience supporting data security risk teams with demonstrated business process, workflow, task analysis, and metrics/results measurement. Exposure to user-acceptance testing and requirements analysis knowledge.
• Proven ability to elicit, document, analyze and verify requirements.
• Advanced written and verbal communication skills.
• Excellent organizational, analytic, and problem-solving skills with the ability to set priorities and handle multiple projects concurrently with attention to detail.
• Position requires a bachelor’s degree in Cyber Security, Information Technology, Computer Science, Business or relevant work experience in application security analysis, security risk, systems analysis experience with direct Business Analyst experience.
• Excellent interpersonal skills including the ability to build consensus and agreement and bring resolution to contentious issues and entrenched interests.
• Knowledge of AGILE and/or Waterfall SDLC methodologies.
• Excellent knowledge of MS Office tool set – MS Word, MS Excel, MS Project and MS Visio.

• Security Certification (CISSP, CRISC, CISA or SANS GIAC certifications in relevant areas).
• Understanding of data analysis and modelling.
• Knowledge of cloud security controls (AWS / Azure).
• Experience with healthcare insurance industry, especially BCBS plans.
• Experience with SAI Global’s Compliance360 Enterprise Risk Management and Risk Intelligence Manager modules.
• Audit experience.
• Experience evaluating security controls in a mainframe environment.