NIST Security Architect

PlanIT Group LLC

$90K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • BS or BA degree in a related field or equivalent work experience.
  • Minimum 5 years in information security or related field.
  • Strong oral and written communication skills.
  • Familiarity with security and regulatory frameworks including HIPAA, NIST, and ISO standards.
  • Ability to solve complex problems creatively.

Responsibilities

  • Gather and analyze metrics and key risk indicators for information security.
  • Evaluate and track audit findings to ensure closure and remediation.
  • Manage policy exceptions and coordinate annual reviews.
  • Support the maturation of the security management program.
  • Maintain risk appetite frameworks for security and business continuity.
  • Conduct IT general controls activity reviews and assess compliance maturity.
  • Support risk reviews for third parties, including BAA and attestation campaigns.

Benefits

  • Collaborative work environment with various teams.
  • Opportunities for professional development and training in GRC.
  • Engagement in cutting-edge security compliance initiatives.
  • Participation in evolving security management programs.
  • Exposure to a variety of security architectures and frameworks.
Full Job Description
Provide proven expertise and knowledge in Governance, Risk and Compliance (GRC), internal and external audit and assessment support and Information Security assurance initiatives. A firm knowledge of security compliance controls i.e NIST 800-53r4, HIPAA, HITECH, ISO27001 and other security standard frameworks is an absolute requirement.

Gather and analyze metrics, key risk indicators and maintain scorecards defined within the area of information security to ensure the information security program is meeting governance expectations and maturity. This candidate must be familiar with general security risk management principals, healthcare and government-designed security control standards and best practices for security and privacy.

Candidate should be familiar with documented security plans, procedures, supporting evidence and risk rating standards based on NIST and other risk management frameworks.

Assist with evaluation and testing as well as work with the applicable teams to track, address, and remediate audit and assessment findings to closure. Candidate must be familiar with threats and vulnerabilities, latest trends and risks and be able to understand the technical remediation action steps or plans and communicate them effectively to teams within the organization.

Manage policy exceptions with requestors and coordinate the annual exception review process. Requires working directly with various teams to document exceptions, identify compensating controls, and remediation action plans accordingly. Provide process improvement suggestions for more effective management and review of exceptions.

Support and help mature the overall security management program. Should be familiar with general governance, risk and compliance (GRC) programs with specific knowledge of government practices, and security risk and policy management. Provide support for ongoing BAA, third party risk reviews, including initial inherent risk, ongoing residual risk, and attestation campaigns.

Support and help maintain risk appetite frameworks focused on security and business continuity risks. Additionally, support and maintain other general regulatory risk assurance program functions.

Support and address regular IT general controls (ITGC) activity reviews and be able to rate and score maturity and compliance to standard control objectives.

A knowledge of security architectures including SDLC, cloud or multi-tenant infrastructure and environments and network/boundary architectures. Should be familiar with SIEM, DLP, and other reporting and protection capabilities.

Qualifications

This position requires:

BS or BA degree in a related field or equivalent work experience.

Minimum 5 years in information security, Risk Management, IT compliance, or security/IT risk related field.

Strong oral and written communication, as well as good interpersonal skills.

Knowledge and experience in standard security and regulatory frameworks including HIPAA, HITECH, NIST 800-53, other NIST standards, ISO 27001/31000, FFIEC and PCI.

Possess the ability to solve a wide range of complex problems, requiring ingenuity and innovation.

Preferred/Nice-to-haves:

Experience using GRC platforms or rating scorecards to show compliance levels and maturity.

Experience with SharePoint administration, including workflow and process design.

Current Certified Information Systems Security Professional CISSP certification (or similar security profession certificate).

Current Certified Information Systems Auditor CISA certification (or similar).

Similar Jobs

More Jobs at PlanIT Group LLC

  • NIST Security Architect
    $90K — $130K *
    Albany, NY 12203 (Albany County)
    Information Technology
    In-Person
  • RF Engineer
    $100K — $130K *
    Chelmsford, MA 01824 (Middlesex County)
    Aerospace & Defense
    In-Person
  • LINUX Engineer
    $90K — $120K *
    Arlington, VA 22204 (Arlington County)
    Aerospace & Defense
    In-Person
  • ServiceNow Programmer
    $90K — $120K *
    Houston, TX 77084 (Harris County)
    Information Technology
    In-Person
  • Software Developer
    $90K — $120K *
    Reston, VA 20191 (Fairfax County)
    Healthcare
    In-Person

More Information Technology Jobs

Find similar NIST Security Architect jobs: