Boca Raton, FL
Work authorization: any (candidate must be authorized to work in US)
Must-have skills: Compliance and Security Standards: 5+ y with PCI DCC, 4+ y with SOC2, 5+ y with GRC Tools: Archer, ServiceNow, Cybersecurity and Risk Management: Risk Assessment and Security Incident Response Team (SIRT), Certifications: CISM (Certified Information Security Manager) or CISA (Certified Information Security Auditor)
Requirements:
- Availability to work 100% on Client’s site in Boca Raton, FL (required);
- Hands-on experience in performing PCI-DSS assessment (5-7 years);
- Hands-on experience with SOC2, Type1, and Type 2 assessment (4-6 years);
- Strong experience with managing and organizing Security Incident Response Team (SIRT) activities;
- Experience using GRC tools such as Archer and ServiceNow (5-7 years);
- Hands-on experience in performing IT business processes and cost-benefit analysis. (3-4 years);
- Experience with Excel, Visio, MS-Word, and developing PowerPoint presentations;
- Experience with Information Technology tools and technology supporting overall IT organization and business;
- Experience in developing KPI and reporting matrix, and formulating cost-benefit analysis to help align SRCO and Network Operations technology solutions with business initiatives and delivery;
- Experience with Security technology solutions and ability to articulate them to meet current and future Client’s Information Technology and business initiatives;
- Must have strong presentation and written communication skills;
- Certified Information Security Manager (CISM) or Certified Information Security Auditor (CISA) (preferred);
- Bachelor’s degree or equivalent experience
Responsibilities included but are not limited to the following:
- Coordinate and perform annual PCI certification, perform interim assessments, and work with the broader Information Technology team to remediate identified gaps. Ensure that established timelines of the yearly certification are met;
- Coordinate and perform Department’s annual SOC2 assessment. This includes coordinating with internal and external parties to obtain documentation, obtaining necessary approvals, and meeting established timelines;
- Perform interim and annual reviews, including assisting with ad-hoc audits for compliance with State of Florida status and established compliance requirements and industry best practices;
- Manage vulnerability program to ensure remediation based on established Service Level Agreements, including PCI-DSS and Cybersecurity Frameworks. Develop management reporting;
- Develop and maintain Department’s KPI and create monthly and quarterly reporting for the leadership;
- Assist the SIRT team in formulating testing schedules, conducting tabletop exercises, and facilitating lessons learned workshops and management reports;
- Maintain and enhance SRCO and Network Operations software and tools to identify licensure, including annual renewals. Work with the TDC procurement team to explore opportunities for consolidating renewals;
- Assist with managing supply chain oversight, including establishing, maintaining, and performing a risk assessment. Develop risk matrix and management reporting.