Job ID: VA-650108 (98290430)
Security Analyst (CISA/CRISC) with NIST, HIPAA, Archer GRC Tool and COV Sec 501/525 experience
Location: Richmond VA (DMAS)
Duration: 12 months
**May begin as a remote work assignment, and the manager will consider qualified candidates who are outside the Richmond area; however, once offices safely reopen, the expectation is that they will work onsite.
Skill | Required / Desired | Amount of Experience
Considerable experience and knowledge in IT security governance/compliance, risk management | Required | 10 Years
Specifically commonwealth ITRM security standards, policies (ITRM SEC501, SEC525, NIST 800-53, HIPAA), and procedures and controls. | Required | 8 Years
Working experience using analytical tools, developing spreadsheets, documentation, and security reports | Required | 10 Years
Certified Systems Information Auditor (CISA) or Certified Information Risk and Controls (CRISC) a plus. | Desired | 1 Year
Archer GRC Tool and COV Sec 501 and COV Sec 525 experience a plus. | Desired | 2 Years
ABOUT THE ROLE
The Risk Analyst will work directly with the CISO and the Agency information security team to perform, support and manage ongoing risk assessments, Business Impact Analysis, governance, and System Security Plan reviews and updates. Must be able to work independently on multiple tasks, performing complex analysis of risk/governance data. The individual will generate final work products using information from agency personnel, eGRCS (Archer) and security architects, and must perform this work within the Agency environment. Development of risk assessments and system security plans, and analysis of governance data, will be a primary function. In addition, the role will require partnership and interaction with the VITA and internal information technology personnel.
Responsibilities include performing and documenting business impact analyses, risk assessments, risk exceptions, risk treatment plans and plans of action and milestones (POAMs); reviewing and assessing SOC2 reports; and working with the client team. The role also develops security documentation such as System Security Plans from artifacts and assessments provided by third parties.
SKILLS Required
Considerable experience and knowledge in IT security governance/compliance, risk management. Required - 10 Years
Specifically commonwealth ITRM security standards, policies (ITRM SEC501, SEC525, NIST 800-53, HIPAA), and procedures and controls. Required - 8 Years
Working experience using analytical tools, developing spreadsheets, documentation, and security reports. Required - 10 Years
Certified Systems Information Auditor (CISA) or Certified Information Risk and Controls (CRISC) a plus.
Archer GRC Tool and COV Sec 501 and COV Sec 525 experience a plus.
