Job ID: MI-529738 (912390314)
Information Security Auditor/Architect (CISSP/CISM) with PCI/NIST/FISMA/HIPAA/CJIS, GRC tools and risk/governance/compliance experience
Location: 7150 Harris Drive, Dimondale, MI (MCS)
Duration: 12 months
Skill Required / Desired Amount of Experience
Information Technology Experience Required 10 Years
IT Security and/or Audit Experience Required 10 Years
PCI, NIST, FISMA, HIPAA, CJIS, or related experience Required 5 Years
Experience working in large, complex business and/or IT environments Required 10 Years
Bachelor's or Master's degree in Computer Science, MIS, Business, Accounting, or Engineering (or related) Required 4 Years
Technical skills: knowledge and experience in IT security statutes, regulations, and standards, experience in GRC tool(s). Required 5 Years
CISSP/CISM certification Highly desired
Practical experience with a commercial Governance, Risk & Compliance platform Desired 3 Years
Practical experience working with business and IT stakeholders to complete Risk Assessments Desired 3 Years
o This is a hands-on role working directly with Agencies on completing Risk Assessments and Security Plans. This is not a leadership or strategic role.
o This is not a role to implement a new Security Program (the department has established a Security Program).
Years of Experience:
10 or more years of IT security and audit experience, with extensive knowledge of national/international security standards including NIST, PCI, CJIS, CMS, ISO, SOX, HIPAA, HITECH and other regulatory requirements.
Advanced knowledge of security standards and progressive experience performing security audits.
1. Assist the Risk and Compliance Director with risk assessment process re-engineering within the LockPath GRC tool
2. Assist in establishing efficient processes for Risk Assessment processes within the GRC tool as part of LockPath Reengineering Project(s).
3. Perform gap analysis of security requirements implemented within the LockPath GRC tool and risk assessment process according to security statute, regulation, standards and SOM policies
4. Cross-map HIPAA, IRS, CMS, PCI and CJIS security requirements to NIST and State of Michigan Baseline controls
5. Document LockPath process design including business and security requirements
6. Identify and design reports within the LockPath GRC tool and assist the Risk and Compliance Director to establish monitoring program
7. Assist with establishing Cyber Security Framework for the State of Michigan.
8. Other cyber security related tasks as assigned
9. Assist with MICWRAP Risk Assessment volume of work for agencies.