- Function as a Subject Matter Expert and source of knowledge on vendor security monitoring programs
- Review existing processes related to vendor security management to identify gaps and process improvement opportunities; define requirements and drive development of an improved vendor vetting framework tailored to our business needs
- Define requirements and drive development and implementation of a vendor security monitoring program and tool from the ground up, which addresses regulatory compliance needs
- Work collaboratively with Procurement and VMO (vendor management office) to determine program inter-dependencies, define roles & responsibilities, and recommend necessary steps, tasks, and milestones for implementation of the vendor security monitoring program
- Identify options and present alternatives and recommendations for tool sets, products or technology investments (as applicable)
- Leverage defined standards, policies and industry best practices to determine requirements for program definition and to establish a framework including policies and procedures for the full life cycle of vendor security monitoring
- Support data migration efforts and drive towards a centralized inventory of vendor contracts
- Provide guidance and subject matter expertise on best practices and industry standards for vendor security monitoring and vendor risk management
- In collaboration with GIS management, determine and document success factors for the vendor security monitoring program
- Maintain regular communication on project status against agreed upon milestones and deliverables
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.
- Background in vendor compliance and security governance.
- Demonstrated capacity to translate business requirements and influence management and executives as to the value of a comprehensive system inventory as a foundational element of an information security program.
- Must possess experience with NIST standards and functional knowledge of ISMS governance models (ISO 27001, NIST), information security roles and responsibilities, and controls
- Functional knowledge of common industry certifications (ISO 27001, SOC 2, etc.) and the associated requirements for maintaining compliance (e.g., annual penetration tests).
- Functional knowledge of the CISSP security domains and information security industry standard and best practices.
- Candidate should possess one or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or ISO 27001 Lead Auditor (LA)
- Experience working in large-scale, complex enterprise environments.
- Ability to negotiate with the business and communicate the value of implementing a vendor security monitoring program in risk reduction terms
- Capable of communicating vendor risk and security monitoring concepts to the business and IT
- Experience in compiling executive friendly vendor risk reports and dashboards.
- Working knowledge of SharePoint and Microsoft Office suite of tools, including strong competency in Excel
- Excellent written and verbal communication skills with the ability to explain complex concepts in business terms
- Strong attention to detail and organizational skills.
- Action orientation with a strong drive to follow-through and achieve results
- Candidates must possess a Bachelor's degree and 2 years of relevant IA experience, or 4 years of relevant IA experience with no degree
- Limited travel, maybe 10%.