IT Compliance & Risk Management Specialist
Software Guidance & Assistance
- Boston, MA
- Contract
- Full-time
- Perform IT compliance, risk assessment, and mitigation.
- Provide business and technical expertise for compliance including impact level and vulnerability corrective action recommendations and follow-up. Develop, update, and maintain IT compliance documentation based on firm IT compliance standards.
- Conduct regular reviews and assessments to coordinate IT compliance testing and reporting requirements.
- Analyze IT compliance and risk related policies and standards.
- Performing activities associated with the Bank's information security framework.
- This includes assisting business lines in completing security control self-assessments, preparing System Security Plan documentation, conducting analysis of security control deficiencies, and monitoring risk management activities.
- Providing status reports of progress.
- Optionally, depending on skills, the candidate could participate in independent security controls testing activities such as technical scanning or management/operational reviews.
- Executing continuous monitoring activities, including recurring access reviews, and preparing security-related documentation.
- Assisting peers within the Information Security function with ad hoc risk assessments, such as software/hardware compliance reviews.
- Update and maintain IT compliance documentation based on IT compliance standards.
- Conduct reviews and assessments to coordinate Enterprise Risk Management and Security Assurance for the firm.
- Staff working within the Information Security function are expected to obtain an enhanced clearance (NACI level 2 or equivalent).
- Working knowledge of NIST 800 series Special Publications, FISMA, or equivalent IT security programs.
- Knowledge and experience with risk assessments, security plans, and test and evaluation activities.
- Ability to recommend corrective action plans.
- Ability to interpret security policies and standards and understand how they can be best applied within an organization.
- Good organization skills with the ability to exercise discretion and ingenuity to determine the proper course of action while following established standards.
- Ability to be innovative with resourcefulness and a strong drive for results.
- Strong communication skills to support team members within the Information Security function and business lines in the firm.
- Excellent written and verbal communication skills.
- Background in information technology, information security, computer science, data analysis or equivalent preferred.