Profile

Cyber Security Analyst / Compliance

The candidate will coordinate assessment efforts and communications with internal IT Control Owners, wholly owned subsidiary management, internal and external Service Lines and Customer Groups performing on contracts supported by SOX or FAR/DFARS in-scope systems, and Program Managers, including senior management and their respective audit organizations. The candidate will serve as a subject matter expert for all firm IT Technical Compliance consultations and guidance, ensuring that employees, suppliers, and customers are aware of and understand FAR, DFARS, FedRAMP, HIPAA, NIST, SOX and other technical compliance Security Standards/Controls specified under various IT governance and compliance models. Subject areas include Applications and Systems Development Security, Security Management Practices, Access Control, Security Architecture and Modeling, Telecommunications, Network Security, Cryptography (PKI), Operations Security, and Physical Security Controls.

Primary Responsibilities

The successful candidate for the Cyber Security Analyst – Principal Compliance position will develop and maintain constructive relationships with the firm's internal control owners, regulators, industry associations and peer companies as they relate to IT Security Technical Compliance. Specific responsibilities:

- Serve as a leader and security subject matter expert on various SOX, DFARS and other technical compliance IT enterprise projects and initiatives.
- Serve as a leader and security subject matter expert when consulting on the firm's covered DFARS IT contracts and associated in-scope systems, in coordination with senior members of the Contract Compliance and Operations team.
- Follow established guidelines to investigate possible Health Insurance Portability and Accountability Act of 1996 (HIPAA) complaints. Gather, prepare, and summarize relevant materials for use by attorneys and other legal counsel.
- Provide technical security responses in support of case files for new and existing complaints, legal research, indexes, and the security portion of tracked documents being sent to possible complainants.
- Serve as a leader and consultant for the development and ongoing management of Policies, Procedures and Training for the firm's core FAR, DFARS, NIST, FedRAMP and SOX contract management processes (including pre-award activities, Organizational Conflict of Interest (OCI) management, contract award, contract modification and contract close-out) for US Federal, State & Local, Commercial and International contracts.
- Evaluate and conclude on internal auditor IT exceptions and findings.
- Monitor and provide input on emerging regulation and regulatory changes in the US Federal and State and Local contracting environment (including FAR, DFARS, Federal Agency Supplements, SOX, State and Local requirements and CAS); ensure the firm's Security Policies, Plans, Procedures and Training for DFARS compliance remain compliant and up to date.
- Lead the IT Security Compliance consultant function to ensure continued maintenance and improvement of the security of the firm's FAR, DFARS and SOX in-scope IT systems.
- Participate in the development, review and periodic certification of FAR, DFARS, FedRAMP, SOX and operational controls as they relate to the firm's Contract Management processes.
- Act as a subject matter expert for IT technical compliance on corporate initiatives, including merger and acquisition activities, process improvement projects and organizational development activities.
- Discuss findings and conclusions with internal and external auditors. Review and evaluate external auditor independent findings. Act as a conduit between internal auditors and external auditors.
- Facilitate meetings to ensure IT controls stakeholders are aligned. Attend various meetings: internal PMO meetings, PMO/ITS meetings, external audit meetings and internal audit briefings.
- Assist in remediation planning and prioritization. Review new and changed IT controls. Evaluate new system implementations, including subsidiaries, for IT control considerations.
- Develop manuals and guidance to assist departments with IT control related matters (e.g., CONOPS). Develop audit findings analysis reports.

Bachelor's and 9+ years of experience; Master's and 7+ years of experience; PhD or JD degree and 4+ years of experience. A Bachelor's degree coupled with 7+ years of experience in IT compliance or auditing with an emphasis on SOX, DFARS, NIST and other control frameworks. Working knowledge of Security Standards/Controls specified under various IT governance and compliance models (NIST, ISO 27001 & 27002, ITIL, SOX, and DFARS/FARS) is needed. Experience working in a Fortune 500 company or in an auditing firm where the responsibilities included developing audit committee materials and findings for public consumption is needed. Understanding of the ITGC Audit Conclude Framework for SOX 404, "A Framework for Evaluating Control Exceptions and Deficiencies" v3 2004, is advantageous. Understanding of Securities and Exchange Commission (SEC) Interpretive Guidance on Management's Report on Internal Controls Over Financial Reporting is essential.