-Client Location - prefer someone in NY/NJ, but can be 100% remote
-Rate - market
-Duration - 6+ months
-Interview Process - 2 rounds
Key Skills –
Must have: administration of, and experience with, GRC tools.
-They are using RSAM.
- CISSP, CRISC, GSEC, CISA, or similar is required
- Will be developing and maintaining IT risk KRIs in the GRC platform, etc.
- Working knowledge of IT controls frameworks (CIS Critical Security Controls, NIST 800-53, 800-171, and ISO 2700x), as well as the regulatory environment (HIPAA, FERPA, GLBA, PCI, GDPR, and other data privacy laws), is required.
-They do not want someone who is 100% engineer focused; they need someone who has worked on the business side of risk management (working with stakeholders, GRC vendor, CISO, etc.).