Dimondale, Windsor Charter Township, MI
Salary: $80.00 to $85.00 /hour
Skills, Experience and Qualification Areas for Audit, Assurance and Compliance Projects
• 5 to 10 years or more experience working in regulated financial industry or in a financial organization / department. Examples:
o FDIC or IRS
o Federal / State / Large Local Government Treasury Departments
o University or Research organization which operates under PCI, IRS, FERPA, GLBA, or similar regulations.
• 5 years+ IT Compliance, IT Security or IT Audit Experience involving the following technology areas: technology architecture, data center controls, databases and data management, application life cycle, encryption and key management, server management, networking, vulnerability management, incident management, business continuity and disaster recovery.
• Ability to research, appropriately interpret and apply complex regulations, technical standards and guidance. Examples:
o IRS Tax Code – IRS IRC 61016 and IRS Publication 1075
o NIST Technical Series Publications
o Payment Card Industry Data Security Standards (PCI DSS)
o Federal Information Security Management Act (FISMA)
o Sarbanes Oxley 404 - General IT Controls
o Open Web Application Security Project (OWASP)
• Working knowledge of PCI DSS, IRS Safeguards Reviews, and / or other regulatory or compliance type reviews, attestation engagements, etc.
• General understanding of penetration testing, host vulnerability scanning, network security and application (code) scanning.
• Demonstrated ability to assess risk, with a general understanding of compensating and mitigating controls.
• Ability to understand the audit lifecycle, system development lifecycle and IT project lifecycle.
• Demonstrated ability to summarize technical information in a manner appropriate for executives.
• Demonstrated ability to successfully lead and coach teams comprised of both functional and technical personnel. Demonstrated ability to work across a complex network of stakeholders, technology teams, business teams, vendors / other supporting external parties.
• Contract Management Experience. (May need to work with vendors who are operating under various, different SOM contracts. May need to contribute to / provide project management skills for Pen Test Statement of Work, PCI QSA Statement of Work and other SOWs for remediation.)
Responsibilities for PCI and IRS Program / Project Manager:
• Manage cyber security, infrastructure teams, agency application teams, vendors, third-party auditors, and client sponsor team to earn the annual Report on PCI Compliance and the triennial IRS Safeguards Review Engagement. Team sizes of ~ 100 to 250 members across 16 agencies.
• Work with the sponsors to coordinate the annual PCI on-site assessment and triennial IRS Safeguards On-Site Review. Provide metrics to demonstrate resource need.
• Lead and / or participate in PCI Core Team Meetings and IRS Safeguards Review Core Team Meetings
• Lead / Co-Lead PCI Steering Committee Meetings and IRS Safeguards Review Steering Committee
• Manage quarterly data loss prevention / inspection activities
• Manage and escalate issues where PCI compliance may be at risk.
• Working with the Treasury Sponsor, track and report on the PCI compliance status of payment processes and applications so that enterprise level compliance can be determined.
• Track and report on the remediation plans and timelines associated with PCI gaps / vulnerabilities.
• Coordinate the delivery of annual PCI Application Training for developers
• Working with the Agency and Technology Sponsors and PCI Core Team, host the annual PCI Kick-Off Meeting
• Working with the Agency and Technology Sponsors, plan for and host the IRS Safeguards On-site Review
• Track effort and costs associated with the Compliance Projects (e.g., PCI and IRS Safeguards)
• Prepare status reports for various audiences (general stakeholders, technical participants, business/functional participants and executives)
• Collect, organize and analyze evidence demonstrating PCI Compliance
• Lead sessions to develop compensating controls and risk management plans
Preferred Desired Skills
• Technical Security Certification preferred. Examples: CISSP, CSX, or CISA.
Project Management Certifications required: PMP
Technology is at the heart of what we do. We offer professional services that help organizations reach their goals.
+1 800 995 6573