Job Description

• Perform PCI, SOC2, ISO, and applicable State of Florida cybersecurity controls-related reviews to ensure that current, new, and technology infrastructure complies with these standards and Department's security policies.
• Plan and perform IT security controls effectiveness. Manage remediation efforts for the identified gaps including assessment of new or enhanced implemented controls.
• Maintain IT security risk and compliance matrix and performs management reporting. This will include IT systems controls, and business process risks to meet compliance requirements. Provide risk mitigation strategies
• Maintain Third Party Risk Management Program (TPRM) and analyze SOC-2 and other reporting including mapping to key IT security and compliance controls such as NIST, PCI, and COBIT.
• Manage IT security vulnerabilities management program aligned with PCI and NIST standards.
• Identifying and ranking the value, sensitivity, and criticality of the operations and assets that could be affected should a threat materialize in order to determine which operations and assets are the most important.
• For the most critical and sensitive assets and operations, estimating the potential losses or damage that could occur if a threat materializes, including recovery costs.
• Identifying cost-effective actions to mitigate and reduce risk. These actions can include implementing new organizational policies and procedures as well as the design of technical or physical controls.
• Coordinating, tracking, and verifying remediation of audit findings.
• Documenting the results and developing a plan of action and milestones for mitigating any identified risk.
• Produce formal audit reports based on ISACA Audit Standards.
• Promotes compliance with regulatory requirements (e.g. PCI DSS) and IT best practices.

• 7-10 years of IT Audit experience (CISA certified preferred)
• 3 years of IT Risk Management lifecycle experience
• 3 years of hands-on technical experience (e.g. developer, system administrator)
• Experience working with NIST 800-30 Risk Assessment Standard
• Extensive experience with IT General Controls evaluation and design
• Advanced skill level in business process mapping and documentation as well as policy and procedure development
• Recent experience in Information Security with up-to-date knowledge of the current threat landscape.
• Solid understanding of PCI DSS standards

• Bachelor's Degree in Computer Science, Information Systems, Business Administration, or other related field and/or equivalent work experience.
• CISA and CISSP certifications (preferred).

Job Tags

Similar Jobs