San Antonio, Texas
Job Type: FT
Rate: DOE
Security Risk and Compliance Specialist Job Opening in San Antonio, Texas - Security Risk and Compliance Specialist our client is expanding their security team and is looking for a security risk and compliance specialist to assist in the development of information security programs, compliance, and risk best practices globally through audits, assessments, and policy-making; and create and perform global it risk and compliance assessments. responsibilities: ? partners with team members to ensure documented business requirements are developed and implemented with the necessary archer configurations to support the processes and procedures as they relate to the applications in place. ? partner with team members to develop a 2-3-year roadmap of the egrc platform. ? provide ongoing operations and maintenance of the rsa archer egrc platform supporting various grc processes in the areas of information security, incidents, policy, compliance, and risk management; including annual reviews and import of new authoritative sources and data integrity monitoring and clean up. ? collaborates across the organization to execute and mature the risk assessment process, including developing all necessary charters, processes, methodologies, and reports. ? participates in cross-functional workgroups and planning meetings to promote ideal solutions that meet the objectives of both the business and the it risk, compliance, and information security team. where ideal solutions cannot be found, identifies and reports enterprise level risks and failures to management for escalation. ? communicates the value of it risk, compliance, and information security within the organization and continuously validates the organization against additional mandates, as developed, to ensure full compliance. ? promotes sharing of expertise through consulting, presentation, and documentation and coordinates cross-functionally to ensure a holistic approach to security and compliance across the organization. ? evaluates, monitors, and ensures compliance with it risk and information security policies, standards, guidelines and relevant legal and regulatory requirements. ? conducts it risk and information security due diligence activities relative to vendors and third parties. creates risk remediation plans with business owners and follows through in the implementation of changes. ? conducts annual audits for industry specific reports, including pci, iso27001, soc1, soc2, soc3, sox, and cdsa. documents findings where deviations exist through internal or external testing. ? develops internal control testing and documented processes and updates internal control matrices where necessary to support annual changing environments. ? executes as the conduit between internal control owners and external auditors, including kickoff meetings, interview requests, closing meetings, and evidence gathering. if you are both security and customer-service minded and able to work in ambiguity, then this close-knit and collaborative team is the place for you. relocation assistance available for this position. for confidential consideration, email your resume to .
|
