Lead Governance, Risk & Compliance Security Analyst

Company Description

ProSource360 is a Small Business Administration (SBA) 8(a) Certified, HUBZone firm that offers Information Technology (IT) Support Services, Management Consulting, and Healthcare focused services to federal, state and local government agencies as well as selected healthcare organizations. ProSource360 is dedicated to maintaining the highest standards in the quality of our team members and our work, in a cost-efficient manner. We help organizations achieve quantifiable solutions to their strategic imperatives. We have an innovative culture and provide excellent compensation and benefits to our full-time employees.

Job Description

As a Lead Governance, Risk and Compliance Security Analyst you will lead a compliance program that will oversee the Certification and Accreditation for multiple clients using different avenues (e.g. ATOs, CMS Certification, etc.) You will develop a strategy to build a proactive program to support clients in this space and maintain evidence and documentation to demonstrate our health information client's compliance. You will develop relationships across organizations to execute and complete projects according to plan. You will influence organizational change to comply with requirements. You will facilitate and manage risk-based control remediation activities. Lastly, you will become trusted advisor / subject matter expert and effectively communicate with external auditors.

Being a member of Enterprise Security Governance Risk and Compliance team provides an exciting opportunity to be part of an innovative and dedicated team of security and audit professionals. The Lead Governance, Risk and Compliance Security Analyst will lead a team of Security Stewards to ensure our State, Local, and Government client’s CMS and NIST requirements are met using the Risk Management Framework. Additionally, they will lead in efforts to mature our security compliance program to a state of competitive advantage.

Qualifications

Basic Qualifications:

• Bachelor’s Degree in Information Systems, Computer Science, Engineering, CIS, MIS, Accounting or related field or equivalent work experience

• At least 7 years of Information technology security programs, audits, assessments, risk, or remediation management work experience

• At least 4 years of data protection/security regulations, and frameworks, such as BITS, HITRUST CSF, COBIT, NIST 800-53, NIST 800-171 and ISO27002 work experience

• Receipt of the appropriate government security clearance card applicable for your position

• Due to the client contract you will be assigned, this position requires you to be a U.S. citizen

Preferred Qualifications:

• Extensive experience with Certification and Accreditation Programs using RMF

• Extensive experience with NIST & CMS Security standards and frameworks

• Experience working with eMass to support the RMF process for federal clients

• Extensive experience scoping and leading large-scale information security compliance programs in an enterprise setting

• Understanding of the Cloud Shared Responsibility model and integration of the model into a security compliance program

• Experience implementing multiple frameworks & controls across an organization and minimize impact on lines of business

• Experience leading the adoption of GRC technology for a compliance program

• Relevant security certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CISMP (Certificate in Information Security Management Principles) a plus

Additional Information

All your information will be kept confidential according to EEO guidelines.