What are the responsibilities and job description for the Senior Information Security GRC Analyst position at Zencon Group Inc.?
Interview Process: 1-2 Rounds of Virtual Interviews. In-person availability for interviews preferred.
Duration of the Contract: 12 Months
Possibility for Extension: Yes
Work Location: Role is 100% Remote. Preference will be given to local candidates who can come to the office as needed for client and departmental meetings, trainings, and other onsite activities.
Candidate location: No South Carolina residency required. Open to nationwide candidates. All travel-related costs for onsite work will be the responsibility of the resource no matter the frequency of onsite work.
Scope of the project:
This position will perform duties as part of DIS's execution of its responsibilities under the statewide information security program. DIS responsibilities include:
- Supporting agencies during their development of the information security program with direct tactical implementation assistance.
- Developing and tracking agency information security implementation plans.
- Interviewing administrators, managers and third parties to aid in development of program artifacts.
- Ensuring high-level assessments of agencies’ infosec work to ensure progress is made.
- Providing high-level analysis of process and procedures work to ensure compliance with state standards.
Daily Duties / Responsibilities:
Duties include, but are not limited to:
- Interviewing business and technical owners to determine policies and procedures used for each agency process.
- Developing and tracking infosec implementation plan progress.
- Documenting information gathered during both interviews and document reviews to assist with developing formal process and procedures.
- Assessing agency documentation to ensure adequate approaches are used to comply with controls.
Required skills (must include years of experience, in order of importance)
- 10 Years of Experience in Information Security and Compliance.
- 2 Years of Experience with security audits based on a standard control set as an auditor or responding information system security officer
- Must Have a Strong Working Knowledge of NIST 800-53 (2 Years of Experience)
- Prior Experience with POA&M or CAP.
- Strong Communication Experience.
- Experience With Using A GRC Tool (Archer or Similar) (3 Years of Experience)
Preferred Skills (Rank in order of Importance):
- Have completed an information security plan or system security plan notebook.
- Simultaneously manage multiple infosec work efforts.
- Knowledge of IRS 1075, HIPAA, CJIS, MARS-E and/or PCI-DSS.
- Government sector experience
Additional Skills
- Ability to identify, map and re-engineer business processes.
- Strong schedule management and resource planning skills.
- Ability to work at a high volume and fast pace.
- Strong collaborator and strong ability to meet deadlines.
Required Education:
- Bachelor’s Degree
Preferred Certification:
CISA, GSLC, or equivalent certification