Esr healthcare

Info security risk usa

Information Technology
Usa (On-Site)
Mid-Senior

esrhealthcare.com.mysmartjobboard.com

Job Description

Info risk security usa


Experience level: Mid-senior
Experience required: 5 Years
Education level: Bachelor’s degree
Job function: Information Technology
Industry: Financial Services
Compensation: View salary
Total position: 1
Relocation assistance: No


JOB DESCRIPTION:


The purpose of this Information Security Risk Senior Specialist role is to support the Information Security Risk and Compliance function, with a focus on Federal and State Government Public Sector clients.


Candidate will assist in the Information Security Risk Management process by reviewing, documenting, organizing, monitoring, tracking, and reporting on information security risks to address compliance and regulatory requirements while aligning with and supporting Mercer’s risk posture.


This role reports to the Information Security Risk and Compliance Leader.


RESPONSIBILITIES


Provide relevant technical and information security expertise and assistance with the completion of client requests for proposals (RFPs), questions, questionnaires, contract reviews, and audits.     


Provide insight and advice to key stakeholders to effectively manage information and cyber security risks across Mercer’s technology platforms.


Support Federal and State Government information and cyber security client engagement work.


Work with Legal Staff to review information security-related documents and contracts to determine information security risks, communicate potential issues, propose mitigation options, and shepherd contracts to completion.


Assist with information security-related compliance activities for CCPA, NYDFS, PCI-DSS and other regulatory and standard requirements.


Serve as the information security liaison in support of Mercer Federal and State Government business teams and Mercer IT to review and provide security recommendations during development, design, and implementation of applications in compliance with NIST controls.


Map company security policies and procedures to industry standards and regulatory requirements.


Assist with data collection and creation of a System Security Plan.


Participate in global level engagements on regulatory compliance hosted by Federal, State, and private entities.


Assist with creating proposed solutions for sophisticated security and compliance issues.


QUALIFICATIONS:


A Bachelor’s degree or equivalent work experience in information security, accountancy, audit, information systems, or other related field of study.


Two or more years of work experience in IT audit, IT security, or IT risk management work.


Basic understanding of risk concepts, including risk identification, evaluation, mitigation, and measurement.


Familiarity with GDPR, PCI-DSS, HIPAA/HITECH, NIST, NYDFS, and other relevant information and cyber security and data protection regulations and standards.


Strong communication, organizational, interpersonal, and collaborative skills.


Proficient knowledge of Microsoft Office products including Excel, Word, and PowerPoint.


Capable of handling a variety of ad-hoc requirements.


Strong problem-solving skills with the ability to develop technical solutions to address security risks posed by Federal and State client work.


Experience in a service-oriented organization serving many stakeholders.


Detail-oriented and excels in a fast-paced dynamic environment.


Working knowledge of Federal and State compliance standards, regulations, and laws (e.g., IRS Pub 1075, CMS MARS-E 2.2, CJIS, Social Security Administration, FCC, NACHA).


Subject matter expert for regulatory compliance requirements necessary to safeguard data that supports the essential functions of Federal and State Government.


ADDITIONAL QUALIFICATIONS:





Experience with Federal and State Government contracts, PCI-DSS and ISO27001 assessments a plus


Security Certifications such as CISSP, CISA, CISM, CRISC, PCI-DSS ISA or QSA


Experience working with Federal and State government entities as part of a large IT enterprise


Strong interpersonal and communication skills


Strong analytical skills and experience working in a complex environment


Proven experience as a strong cross-group collaborator and team player


ABOUT: believes in building brighter futures by redefining the world of work, reshaping retirement, and investment outcomes, and unlocking real health and well-being. more than 25,000 employees are based in 44 countries and the firm operates in over 130 countries.r is a business of the world’s leading professional services firm in the areas of risk, strategy, and people, with 76,000 colleagues and annual revenue of $17 billion. Through its market-leading businesses including helps clients navigate an increasingly dynamic and complex environment.


1.) Please elaborate candidate's experience in cyber security and data protection regulations and standards





2.) Please elaborate candidate's experience in System Security Plan





3.) Please elaborate candidate's experience in Federal and State Government information and cyber security client engagement work





4.) Please provide the link to candidate’s LinkedIn profile:





5.) What is the candidate’s work authorization status?





6.) What is the candidate’s highest level of education?





7.) Has the candidate applied or been interviewed for any role with this company in the past? If so, please provide details.





8.) What is the candidate’s desired total compensation? (Please specify base salary vs. commission/bonus expectation)





9.) Where is the candidate located? If candidate is not near the job location, please explain relocation plan in detail (e.g. timeline, relocating with family, selling/buying property)

Skills

Security
Information Analysis
Risk