Job Title: Risk and Compliance Consultant
Location: Dallas TX 75202
Mode : Contract (Day 1 Onsite)
Work-Experience: Total 9 years in IT Technical role with at least 4 years’ experience in Information Security and exp to regulatory audits and testing.
Type of Experience:
Information Security Co-ordination and administration to handle NERC CIP and SOX compliance activities.
Good knowledge of IT Security technologies, Operating Systems, Database, routing and switching.
Knowledge of implementing, managing and auditing security & compliance regulation (NERC CIP, SOX, PCI DSS, DPA, HIPAA, GLBA), Standards (ISO 27001, BS 17799) and frameworks (ITIL, NIST, COBIT).
Working experience on RSA Archer in building and supporting GRC solutions
Experience in Risk Management/Compliance Assurance/ Audits
Holds experience in delivering Risk and Compliance management services for a client based delivery environment.
Certifications
CISSP / CISA / CISM / ISO 27001 is a must, along with other technical certification like CCNA, CCNP, CCSA etc.
Areas of Responsibility
Work with internal/external teams to understand the security audit requirements and deliver against project plans
Build NERC CIP control testing procedure based on IT Environment and manage Compliance
Perform NERC CIP control testing for application and IT infrastructure.
Assist in compliance initiatives at function and organizational levels in areas of Information security and Risk Management.
Report Key Risk Indicators and deriving root cause for significant deviations
Continuously assess security measures in place for effectiveness thus highlighting deficiencies for remedial action
Review, design and deploy information/IT security procedures & guidelines across various IT functions and services.
Design reports related to compliance monitoring and improvement activities to ensure compliance with internal security policies etc.
Forensic investigations with tools like Forensic Tool Kit
Operating System Security Procedures Administration
Database and Web Portal Security
Information Security Incident Handling and Management
Compliance management through GRC tool
Execute defined responsibilities for various IT Security and Compliance Management projects
Soft Skills Required
Good problem solving capability, team player, good communication and documentation skills.
Handle multiple tasks with different group in a team in a wider domain.
Ability to prepare Informative Presentation & MIS documentation.
Ready to work in shifts (24×7 in rotation)
Should be working as per policies & procedures in compliance with Information Security recommendations.
Self-driven to take individual initiatives and able to work with minimal guidance.