I.T. Compliance Coordinator
- 04-May-2018 to 16-Aug-2019
- JWV Administration Building
- Corpus Christi, TX, USA
- Full Time
PRIMARY OBJECTIVE OF POSITION
This position will identify IT security risks to the business and develop remediation and mitigation plans when appropriate to help safeguard the organization's information through the performance of risk and compliance assessments, influence on policy and standards, and contribution to security awareness. The incumbent's skills, experience, and knowledge of information security will help the organization ensure vendors, applications, and organizational changes occur within the boundaries of the organization's risk tolerance.
ESSENTIAL JOB FUNCTIONS
1. Collects and performs data analysis to ensure compliance with IT controls. Generates and distributes security compliance metrics.
2. Supports internal and external audits, control reviews, risk assessments, and reporting as required.
3. Monitors and performs internal testing of IT controls to support internal and external audits. Develops plans to mitigate risks.
4. Tracks and manages action plans for the resolution of issues identified during assessments and audits. Performs analysis and reporting of compliance gaps. Will assist in the implementation of action plans as well as provide compliance support to projects in order to improve performance of IT controls.
5. Develops and maintains the IT compliance documentation repository and centralized IT risk register, including but not limited to central IT policy, procedures, rules, and guidelines.
6. Stays abreast of industry-specific security trends, changes in regulations, and published security standards (including, but not limited to, NIST, PCI DSS, ISO, GLBA, NCUA, FFIEC, TCUD, SSAE16, HIPAA, etc.) that impact IT and business operations.
7. Translates security and compliance requirements into workable policy and procedures for all business units.
8. Continuously promotes security awareness and looks for ways to remediate/mitigate vulnerabilities when identified. Assists in the development and delivery of compliance training to business units.
9. All other duties as assigned.
Bachelor of Science or Bachelor of Engineering Degree in Information Security, Information Systems, IT or Computer Science from an accredited college or university.
Seven (7) years of experience in Information Technology with two (2) of those years of experience in information security and control assessments. Proficient in NIST Cyber Security Framework, ISO 27001/27002, NIST 800-53, COBIT and COSO frameworks. Must possess at least one of the following certifications (or be able to obtain within first 90 days of employment): CISSP, CISA, GSNA, or equivalent from ISC2, ISACA, or SANS.
Position involves wrist/hand manipulation; good visual acuity for detail work; ability to bend and stoop on a regular basis, reach overhead, and lift up to 50 pounds. Vision abilities required by this job include close vision for frequent viewing of computer monitor and review of documents. Must possess a valid Texas driver's license and means of transportation, and be able to travel independently and work after normal business hours when requested by management.
Must be able to perform job functions independently or with limited supervision and work effectively either on own or as part of a team. Must have a strong ability to read and carry out various written instructions and follow oral instructions. Must have a strong ability to speak clearly and deliver information in a logical and understandable sequence. Must be capable of dealing calmly and professionally with numerous different personalities from diverse cultures at various levels within and outside of the organization and demonstrate highest levels of customer service and discretion when dealing with the public. Must be able to perform responsibilities with composure under the stress of deadlines / requirements for extreme accuracy and quality and/or fast pace. Must be able to effectively handle multiple, simultaneous, and changing priorities. Must be capable of exercising highest level of discretion on both internal and external confidential matters.
Experience should include security policy development, security education, network penetration testing, application vulnerability assessments, risk analysis and compliance testing.