This is a 6-month+ assignment based in Manhattan. Extensions are probable.
Great work environment. Newer technologies, exciting projects and friendly professional staff.
This position is based in the Information Security function under the Office of the CTO. The IT Security Risk Assessment/Auditor professional will be primarily responsible for performing IT Security Risk Reviews of application, system and networking projects and environments to identify, evaluate, and recommend security controls that address information security risk to the University.
Initiates and performs risk assessment activities including vulnerability assessment and management activities, covering all University business units, including Finance, Research, Health Care, and Educational activities.
Performs information security reviews related to security maturity and risk management.
Provides guidance and assistance regarding information security matters such as the interpretation of information security policies and requirements or their applicability to particular situations.
30% IT Compliance Control:
Manages detailed network, operating system, database, and application assessments and security configuration audits, evaluating the effectiveness of information security controls as they have been proposed or implemented.
Researches and deploys tools and strategies to leverage audit results into actionable items; proposes operational improvements to reduce risk.
Keeps current on compliance requirements in all areas of University activity, including HIPAA, FERPA, GLBA, PCI, including national and international data privacy laws.
Ensures alignment with relevant Information Security standards including NIST 800-53, 800-171, ISO 2700x, etc.
20% Reporting & Communication:
Analyzes data from Information Security functions and provides reports and recommended response actions to Information Security management. Represents Information Security to other organizations on information security related matters, as assigned. Publishes regular status reports and submits to management.
Maintains IT risk register, correlating audit and review results, as well as operational information, to determine likelihood and impact of risks. Recommends policy and functional actions to reduce risk.
Oversees operational tasks supporting information security functions such as intrusion detection and prevention, security event log analysis, management reporting, malware prevention and remediation, encryption, network segmentation, remote access, cloud security, and authentication.
Supports, maintains, monitors, troubleshoots and enhances security infrastructure tools, methodologies, software, and hardware. Drafts and reviews information security policies, processes, and procedures.
Required Skills and Experience
5+ years IT Security Audit experience with the following:
Good experience with PCI and HIPAA
NIST 800-53 and ISO 2700x frameworks
Compliance with frameworks and policies
Assess risk using CIS (Center for Internet Security) guidance
Keep risk register
GRC tool - Archer or RSAM
Security Audits, Risk, HIPAA, PCI, Compliance
Iron City Search