Auditing, Business Processes, Communication Skills, Computer Security, Corrective Action, Documentation, Government, HIPAA (Health Insurance Portability and Accountability Act), Information Systems/Technology IS/IT Administration, Information Technology/Systems Audit, Information/Data Security (InfoSec), Internet Service Providers, PCI-DSS, Policy Development, Presentation/Verbal Skills, Procedure Development, Process Analysis, Process Development, Publications, Reengineering, Regulatory Compliance, Resource Management, Schedule Development, Security Analysis, Security Architecture, Security Auditing, Security Compliance, Security Consulting, Security Monitoring, Time Management, U.S. National Institute of Standards and Technology (NIST), Writing Skills
Information Security Compliance Analyst / Information Security Consultant
Daily Duties & Responsibilities
- Interview business and technical stakeholders to determine policies and procedures used for agency processes.
- Develop and track Information Security (InfoSec) implementation plan progress.
- Document information gathered through:
  - Stakeholder interviews
  - Documentation reviews
- Assist in developing formal policies, processes, and procedures.
- Assess agency documentation to ensure appropriate approaches are used to meet security control requirements.
- Support compliance and audit readiness initiatives.
- Review and validate security documentation against established control frameworks.
- Collaborate with business and technical teams to improve security compliance efforts.
Required Skills (Ranked by Importance)
Information Security & Compliance
- 10+ years of experience in:
  - Information Security
  - Security Compliance
Security Audits
- 2+ years of experience:
  - Conducting security audits based on standard control frameworks
  - Serving as an auditor or Information System Security Officer (ISSO)
  - Responding to audit findings and compliance reviews
NIST Framework Expertise
- 2+ years of strong working knowledge of:
  - NIST 800-53 Security Controls
Risk Remediation & Corrective Actions
- Prior experience with:
  - POA&M (Plan of Action and Milestones)
  - CAP (Corrective Action Plans)
Communication
- Strong verbal and written communication skills.
- Ability to effectively communicate with:
  - Business stakeholders
  - Technical teams
  - Management
Governance, Risk & Compliance (GRC)
- 3+ years of experience using:
Preferred Skills (Ranked by Importance)
- Experience developing:
  - Information Security Plans (ISP)
  - System Security Plan (SSP) notebooks
- Ability to manage multiple Information Security initiatives simultaneously.
- Knowledge of compliance and regulatory frameworks, including:
  - IRS Publication 1075
  - HIPAA
  - CJIS
  - MARS-E
  - PCI-DSS
- Government sector experience.
Additional Skills
Business Process Analysis
- Ability to:
  - Identify business processes
  - Map business processes
  - Re-engineer business processes
Project & Resource Management
- Strong schedule management skills.
- Strong resource planning capabilities.
- Ability to track and manage multiple workstreams.
Work Environment
- Ability to work effectively in:
  - High-volume environments
  - Fast-paced environments
Collaboration & Delivery
- Strong collaboration and stakeholder engagement skills.
- Proven ability to meet deadlines and deliver quality work on schedule.
Required Education: Bachelor's Degree
Preferred Certifications: CISA, GSLC, or equivalent certification
Identify on-site, hybrid or fully remote? Fully remote. Onsite availability is preferred.
Preference will be given to local candidates who can come to the office as needed for client and departmental meetings, training, and other onsite activities.
Interview format: Virtual or in-person? Virtual interviews with in-person availability preferred.
Talent Software Services, Inc.