Security Governance and Compliance Specialist @ ESG Consulting | Jobright.ai
Security Governance and Compliance Specialist jobs in Atlanta Metro
96 applicants

ESG Consulting · 3 days ago

Security Governance and Compliance Specialist

Consulting · Information Technology
Actively Hiring

Responsibilities

Compliance Assessments: Participate in compliance assessments to implement countermeasures and mitigating controls. This involves identifying areas where the organization may be at risk of non-compliance and implementing measures to address those risks.
Vendor Security Analysis: Analyze vendor security for Requests for Proposals (RFPs), new product evaluations, and custom/purchased applications. This includes assessing the security risks associated with vendors and their products or services.
Issue Identification and Reporting: Assist in identifying and reporting IT governance and compliance issues as part of routine responsibilities. This involves identifying potential risks to governance and compliance and reporting them for mitigation.
Security Control Assessment: Perform and facilitate assessments, testing, and documentation of IT security controls and compliance requirements across various domains (e.g., NIST, HIPAA, PCI) and SOX domains (e.g., logical access, change management, IT operations, and application development). This encompasses assessing the effectiveness of security controls and identifying areas where compliance requirements may not be met.
Policy and Procedure Development: Recommend and contribute to the creation of policies, procedures, and standards, emphasizing best practices. This involves assessing existing policies and procedures, identifying gaps or areas of improvement, and developing new policies and procedures to address them.
Plan Review: Review System Security Plans, Incident Response Plans, Business Continuity Plans, and Disaster Recovery Plans. This includes assessing the adequacy of plans for addressing security risks and ensuring continuity of operations in the face of potential threats or disasters.

Qualification


IT Systems, Policy Development, Audit Experience, Audit Planning, Data Security Management Tools, CISSP Certification, CISA Certification, Release Management, Information Security Control Assessments, Oral, Effective Communication, Problem-Solving, Documentation, Compliance Assessments, Testing, NIST, HIPAA, PCI, SOX, Logical Access, Change Management, IT Operations, Application Development, Vendor Security Analysis, Requests for Proposals, New Product Evaluations, Procedure Development, System Security Plans, Incident Response Plans, Business Continuity Plans

Required

Understanding of IT Systems: Knowledge of how operating systems work internally and familiarity with network protocols.
Effective Communication Skills: Ability to communicate with people at all levels of the organization and willingness to perform routine security compliance tasks.
Knowledge of Regulations: Familiarity with relevant regulations and compliance requirements such as NIST, PCI, and HIPAA. NIST is required.
Policy Development Skills: Demonstrated ability to develop, implement, and maintain effective compliance policies and procedures.
Documentation Skills: Experience creating clear and comprehensive documentation to guide employees in adhering to compliance standards.
Audit Experience: Experience with compliance audits and monitoring processes.
Audit Planning: Ability to develop and execute compliance audit plans.
Data Security Management Tools: Utilize data security management tools to monitor, analyze, and manage access permissions, user behaviors, and sensitive data usage.
CISSP or CISA certification highly desired.
Experience with Change and Release Management based on ITIL best practices.
5+ years of experience conducting information security control assessments or audits.
Strong oral and written communication skills essential for maintaining documentation, updating manuals, and producing reports.

Preferred

Other related certifications.
Experience with compliance assessments, testing, and documentation across various domains (e.g., NIST, HIPAA, PCI) and SOX domains (e.g., logical access, change management, IT operations, and application development).
Experience in vendor security analysis for Requests for Proposals (RFPs), new product evaluations, and custom/purchased applications.
Experience in policy and procedure development emphasizing best practices.
Experience reviewing System Security Plans, Incident Response Plans, Business Continuity Plans, and Disaster Recovery Plans.

Benefits

Health Insurance
Dental Insurance
Vision Insurance
401K

Company

ESG Consulting

ESG Consulting is an international provider of staffing and consulting services to Fortune 1000, public sector and emerging growth firms.

Funding

Current Stage
Growth Stage

Leadership Team

Ali Shafi
Managing Partner / Co-Founder
Company data provided by crunchbase