Position Responsibilities
Responsibilities:
- Provide subject matter expertise related to NIST 800-53, FedRAMP, CMMC, ISO27001, PCI DSS, SOC 1, SOC 2, and other information security regulations.
- Maintain and mature GRC services as a primary or backup service owner (e.g., Policy Management, Risk Management, Customer Security Due Diligence, Business Continuity Planning, etc.).
- Track assigned information security risks through the Risk Management process.
- Perform data quality reviews for GRC process measurement.
- Prepare risk management metrics and reporting.
- Work with Deltek technical and business professionals to determine appropriate risk treatment decisions and plans.
- Utilize governance, risk, and compliance (GRC) tools to manage the list of external authoritative sources, information technology controls, corporate policies and procedures, vendor management systems, and risk management workflows.
- Facilitate gathering, reviewing, and assembling internal and external audit evidence.
- Support projects as assigned to enhance Deltek compliance capabilities.
- Maintain proficiency with applicable laws, regulations, and standards.
- Support internal risk and compliance meetings as a subject matter expert.
- Draft and maintain compliance documents (e.g., policies, standards, procedures, etc.).
- Coordinate the adoption of information security best practices throughout the enterprise.
Qualifications
Requirements:
- B.S. degree (Information Security, Computer Science, MIS, or equivalent program preferred).
- Minimum 3 years of combined experience in information security, compliance, technology audit, or a related field.
- Experience with NIST SP 800-53, ISO 27001, PCI DSS, or SOC 1/2.
- Strong written and verbal communication skills.
- Experience working in a collaborative team environment.
Preferences:
- CISSP, CISA, or other related information security certification desired.
- FedRAMP, NIST 800-171, CSA CCM, CIS Security Framework experience desired.
- Experience with software development in a cloud environment is desired.