Security analyst risk compliance analyst Job at KLC Consulting, Boca Raton, FL

  • KLC Consulting
  • Boca Raton, FL

Job Description

KLC Consulting, Inc.

Requirement for: Security Analyst (Governance Risk Compliance (GRC) Analyst), Boca Raton, Florida

Contact: Maggie Manning: 850-270-9732, Email: MManning@klcinc.us

Client: Florida Department of Transportation, Tolls Data Center, 7941 Glades Rd., Boca Raton, FL, 33434

Closes: October 10, 2024 by 10am EST

For Term: Through 06/30/2025, with possible extension, based on excellence in work provided, need and budget availability.

Telecommuting: Telecommuting is not an option for this position. This is not a remote position.

Job Summary: The management, assessment, and mitigation of risks are fundamental components of our information assurance and cyber security program at the Florida Turnpike Enterprise. This position leads the IT security risk and audit program for information systems security using generally accepted standards and frameworks for IT audit and risk management (e.g., NIST, ISO, PCI, and ISACA). The position is responsible for the development and implementation of the IT security risk and audit strategy to perform information systems and business process risk assessments and evaluate the effectiveness of technical, physical, and administrative controls to identify control weaknesses. This individual will interface with the Security Operations, IT Operations, and various business units to:

Perform PCI, SOC2, ISO, and applicable State of Florida cybersecurity controls-related reviews to ensure that current, new, and technology infrastructure complies with these standards and Department's security policies.

Plan and perform IT security controls effectiveness. Manage remediation efforts for the identified gaps including assessment of new or enhanced implemented controls.

Maintain IT security risk and compliance matrix and perform management reporting. This will include IT systems controls and business process risks to meet compliance requirements. Provide risk mitigation strategies.

Maintain Third Party Risk Management Program (TPRM) and analyze SOC-2 and other reporting including mapping to key IT security and compliance controls such as NIST, PCI, and COBIT.

Manage IT security vulnerabilities management program aligned with PCI and NIST standards.

Identifying and ranking the value, sensitivity, and criticality of the operations and assets that could be affected should a threat materialize in order to determine which operations and assets are the most important.

For the most critical and sensitive assets and operations, estimating the potential losses or damage that could occur if a threat materializes, including recovery costs.

Identifying cost-effective actions to mitigate and reduce risk. These actions can include implementing new organizational policies and procedures as well as the design of technical or physical controls.

Coordinating, tracking, and verifying remediation of audit findings.

Documenting the results and developing a plan of action and milestones for mitigating any identified risk.

Produce formal audit reports based on ISACA Audit Standards.

Promotes compliance with regulatory requirements (e.g. PCI DSS) and IT best practices.

Interviews: In the event an interview is requested, in-person interviews will be conducted at the Tolls Data Center, 7941 Glades Rd., Boca Raton, FL, 33434. At the discretion of the manager, first-round interviews may be conducted remotely via Microsoft Teams.

Must Complete the Exhibit E - Resume Self-Certification Form (See Attachment)

Must Complete the following Education, Experience, and Skills Matrices

Education | Degree / Date of Graduation | University / School

Bachelor's Degree in Computer Science, Information Systems, Business Administration, or other related field and/or equivalent work experience.

Certifications | Certification Date | Trainer / School

CISA (Preferred)

CISSP (Preferred)

Experience | Years of Experience | Last Year Skills Used

1. 7-10 years of IT Audit experience (CISA certified preferred)

2. 3 years of IT Risk Management lifecycle experience

3. 3 years of hands-on technical experience (e.g. developer, system administrator)

4. Experience working with NIST 800-30 Risk Assessment Standard

5. Extensive experience with IT General Controls evaluation and design

6. Advanced skill level in business process mapping and documentation as well as policy and procedure development

7. Recent experience in Information Security with up-to-date knowledge of the current threat landscape.

8. Solid understanding of PCI DSS standards
