Information Security Compliance Consultant
Location: 100% Remote. Preference will be given to local candidates who can come to the office as needed for client and departmental meetings, trainings, and other onsite activities.
Interview Process: 1-2 Rounds of Virtual Interviews. In-person availability for interviews preferred.
Duration: 12 Months
Employment Type: Contract
Experience Required: 12+ Years
Seeking an experienced Information Security Compliance Consultant to support statewide information security program initiatives. The consultant will assist agencies with tactical implementation of information security requirements, development and tracking of security implementation plans, compliance assessments, policy and procedure documentation, and governance activities.
The consultant will work closely with business leaders, technical teams, and third-party stakeholders to evaluate security controls, assess compliance readiness, and ensure alignment with established security frameworks and state standards. This role requires strong expertise in information security governance, risk, compliance (GRC), auditing, and regulatory frameworks.
Key Responsibilities:
· Support agencies with information security program implementation and compliance initiatives.
· Conduct interviews with business owners, technical teams, administrators, and third-party stakeholders to gather security and compliance requirements.
· Develop, document, and maintain security policies, procedures, and governance artifacts.
· Track and monitor Information Security implementation plans and remediation activities.
· Perform compliance assessments against established security frameworks and control standards.
· Review agency documentation and provide recommendations to strengthen security posture and compliance readiness.
· Analyze existing business processes and identify opportunities for improvement and risk reduction.
· Assist in developing corrective action plans (CAP) and Plans of Action & Milestones (POA&M).
· Support multiple concurrent security and compliance initiatives while maintaining project timelines.
· Prepare reports, findings, and compliance status updates for leadership and stakeholders.
· Ensure alignment with state security standards, regulatory requirements, and industry best practices.
Required Skills & Experience:
· 10+ years of Information Security and Compliance experience.
· 2+ years of experience conducting security audits or serving as an Information System Security Officer (ISSO).
· Strong working knowledge of NIST 800-53 security controls and compliance requirements.
· Experience developing and managing POA&M and Corrective Action Plans (CAP).
· 3+ years of experience working with Governance, Risk, and Compliance (GRC) platforms such as Archer or similar tools.
· Strong documentation, communication, and stakeholder management skills.
· Experience assessing security controls and compliance programs.
Preferred Skills:
· Experience developing Information Security Plans (ISPs) and System Security Plan (SSP) documentation.
· Experience managing multiple concurrent information security initiatives.
· Knowledge of IRS 1075, HIPAA, CJIS, MARS-E, and PCI-DSS compliance frameworks.
· Government or public sector experience.
· Experience with process analysis, business process re-engineering, and compliance program development.
· Strong project scheduling and resource planning capabilities.
Education:
Bachelor's Degree
Preferred Certifications:
· CISA
· GSLC