IT Security Specialist (CoAuSe1)
Detroit, MI
Contracted
Mid Level
Must be local to Michigan; Second interview – required in person
compliance/Audit Security- HiTRUST Framework or Equivalent is MUST
The EIS Compliance/Governance Analyst will be responsible for assisting in the responsibilities of executing the security framework compliance/governance activities and requirements for Our Client.
Day-to-day responsibilities will also include documenting adherence to governance requirements across policies/standards, procedures, controls, compliance, training and awareness, and preparing metrics/KPIs and reporting materials.
This role will report to the EIS ESF Manager.
Evaluate the design and operation effectiveness of Business/IT operations against the HITRUST CSF and identify areas of improvement
Interview SMEs, examine evidence documentation, analyze and perform testing
Learn the company functions/processes by conducting process walk throughs
Analyze root cause of issues, provide recommendations for process improvements and risk mitigation based on assessment findings
Collaborate with cross-functional teams to mitigate risks and ensure compliance with HITRUST CSF
Deliver effective and concise documentation that meets HITRUST quality standards
Prepare and provide reporting such as dashboards and metrics, on various areas of performance, issue analysis and assessment statuses
Utilize GRC tools to effectively manage assessment remediation plans and documentation
Serve as a HITRUST subject matter expert
Participate and provide support during audits, assessments, or other required third-party reviews
Support initiatives/projects
Build relationships internally to foster a culture of teamwork and collaboration
QUALIFICATIONS:
Top 3 Required Skills/Experience:
1.At least 3-5 years of work experience in IT compliance, IT Assessments and/or IT audit experience as well as knowledge and understanding of governance, risk, compliance
2.Knowledge of security and risk frameworks, standards, best practices (e.g., HITRUST CSF, NIST CSF, ISO/IEC 27001, COBIT)
3.Self-starter with effective written and verbal communication skills along with strong critical thinking skill
Required Skills/Experience:
Effective written and verbal communication skills and the ability to tailor communication style to the audience at hand
Experience in coordination and execution of the audit lifecycle, including evidence collection, review, observation tracking, management response collection and auditor relations and communication
Strong demonstration of problem-solving and decision-making ability
Experience working on testing of IT controls across systems, databases, applications and operating systems
Strong ability to frame and deliver messages based on experience and level of the listener
Strong critical thinking skills to actively pursue opportunities to develop and implement solutions to solve work problems
Must be able to solve problems, handle conflict, and make effective decisions under pressure with a highly professional demeanor
Strong organizational skills
Strong ability to adjust to changing priorities while multitasking effectively
Self-directed and works with minimal guidance
Proactively seeks guidance when needed
Education/Certifications – Include:
Undergraduate university degree (4-year) preferred but not required
Masters (e.g., MBA, MSIS, MIS, etc.) degree preferred but not required
Five (5) years of combined IT experience to include two (2) years IT security work
Experience in Information Security, IT general controls, IT compliance, IT assessments and/or IT audit experience
Certified Information Systems Security Professional (CISSP), CISA, CPA/CA, CISM or other equivalent professional certification preferred but not required
compliance/Audit Security- HiTRUST Framework or Equivalent is MUST
The EIS Compliance/Governance Analyst will be responsible for assisting in the responsibilities of executing the security framework compliance/governance activities and requirements for Our Client.
Day-to-day responsibilities will also include documenting adherence to governance requirements across policies/standards, procedures, controls, compliance, training and awareness, and preparing metrics/KPIs and reporting materials.
This role will report to the EIS ESF Manager.
Evaluate the design and operation effectiveness of Business/IT operations against the HITRUST CSF and identify areas of improvement
Interview SMEs, examine evidence documentation, analyze and perform testing
Learn the company functions/processes by conducting process walk throughs
Analyze root cause of issues, provide recommendations for process improvements and risk mitigation based on assessment findings
Collaborate with cross-functional teams to mitigate risks and ensure compliance with HITRUST CSF
Deliver effective and concise documentation that meets HITRUST quality standards
Prepare and provide reporting such as dashboards and metrics, on various areas of performance, issue analysis and assessment statuses
Utilize GRC tools to effectively manage assessment remediation plans and documentation
Serve as a HITRUST subject matter expert
Participate and provide support during audits, assessments, or other required third-party reviews
Support initiatives/projects
Build relationships internally to foster a culture of teamwork and collaboration
QUALIFICATIONS:
Top 3 Required Skills/Experience:
1.At least 3-5 years of work experience in IT compliance, IT Assessments and/or IT audit experience as well as knowledge and understanding of governance, risk, compliance
2.Knowledge of security and risk frameworks, standards, best practices (e.g., HITRUST CSF, NIST CSF, ISO/IEC 27001, COBIT)
3.Self-starter with effective written and verbal communication skills along with strong critical thinking skill
Required Skills/Experience:
Effective written and verbal communication skills and the ability to tailor communication style to the audience at hand
Experience in coordination and execution of the audit lifecycle, including evidence collection, review, observation tracking, management response collection and auditor relations and communication
Strong demonstration of problem-solving and decision-making ability
Experience working on testing of IT controls across systems, databases, applications and operating systems
Strong ability to frame and deliver messages based on experience and level of the listener
Strong critical thinking skills to actively pursue opportunities to develop and implement solutions to solve work problems
Must be able to solve problems, handle conflict, and make effective decisions under pressure with a highly professional demeanor
Strong organizational skills
Strong ability to adjust to changing priorities while multitasking effectively
Self-directed and works with minimal guidance
Proactively seeks guidance when needed
Education/Certifications – Include:
Undergraduate university degree (4-year) preferred but not required
Masters (e.g., MBA, MSIS, MIS, etc.) degree preferred but not required
Five (5) years of combined IT experience to include two (2) years IT security work
Experience in Information Security, IT general controls, IT compliance, IT assessments and/or IT audit experience
Certified Information Systems Security Professional (CISSP), CISA, CPA/CA, CISM or other equivalent professional certification preferred but not required
Apply for this position
Required*