Description:
Responsibilities:
· Perform PCI, SOC 2, ISO, and applicable State of Florida cybersecurity controls-related reviews to ensure that current and new technology infrastructure complies with these standards and the Department's security policies.
· Plan and perform IT security controls effectiveness assessments. Manage remediation efforts for the identified gaps, including assessment of new or enhanced controls once implemented.
· Maintain the IT security risk and compliance matrix and perform management reporting. This will include IT systems controls and business process risks needed to meet compliance requirements. Provide risk mitigation strategies.
· Maintain the Third Party Risk Management Program (TPRM) and analyze SOC 2 and other reporting, including mapping to key IT security and compliance controls such as NIST, PCI, and COBIT.
· Manage the IT security vulnerability management program, aligned with PCI and NIST standards.
· Identify and rank the value, sensitivity, and criticality of the operations and assets that could be affected should a threat materialize, in order to determine which operations and assets are the most important.
· For the most critical and sensitive assets and operations, estimate the potential losses or damage that could occur if a threat materializes, including recovery costs.
· Identify cost-effective actions to mitigate and reduce risk. These actions can include implementing new organizational policies and procedures as well as designing technical or physical controls.
· Coordinate, track, and verify remediation of audit findings.
· Document the results and develop a plan of action and milestones for mitigating any identified risk.
· Produce formal audit reports based on ISACA Audit Standards.
· Promote compliance with regulatory requirements (e.g. PCI DSS) and IT best practices.
Required Qualifications:
Candidate MUST have:
· 7-10 years of IT audit experience (CISA certification preferred)
· 3 years of IT risk management lifecycle experience
· 3 years of hands-on technical experience (e.g. developer, system administrator)
· Experience working with the NIST SP 800-30 risk assessment standard
· Extensive experience with IT General Controls evaluation and design
· Advanced skill level in business process mapping and documentation, as well as policy and procedure development
· Recent experience in information security with up-to-date knowledge of the current threat landscape
· Solid understanding of the PCI DSS standard
· Bachelor's degree in Computer Science, Information Systems, Business Administration, or another related field, and/or equivalent work experience
Preferred Qualifications:
CISA and CISSP certifications.
Any graduate degree.