Information Security Compliance Principal

One of our clients, medical devices and services company is looking for an Information Security Compliance Principal.

** Must be authorized to work in US for ANY EMPLOYER.
   No H1 Visa support for this position.

The Location is Northern New Jersey
Permanent position with great benefits.
Hybrid commute - 2/3 days Home/Office.

To be considered immediately please send your resume to igork@brainsworkgroup.com

Information Security Compliance Principal
 
Role

• Develops, implements, updates, and enforces data and security-related privacy policies, standards and procedures, and corrective actions as needed.
• Maintains current knowledge of applicable data protection laws, security standards, information technology trends, and accreditation standards. 
• Evaluates and improves processes for investigating, documenting, and reporting unauthorized access or disclosure of personal information. 
• Maintains and updates the information management system in collaboration with legal and governance teams. 
• Provides risk assessments and security briefings to management and advises them of critical issues that may affect customer or corporate security objectives.
• Creates and delivers privacy and security-related training programs for all employees, contractors, and any appropriate third parties.
• Leads risk assessments, audits, policy, governance, and/or reporting.
• Maps controls to policies, procedures, and processes; testing such controls to ensure adequate coverage.
• Evaluates and recommends security products, services, and/or procedures to enhance productivity and effectiveness. 
• Manages vulnerability scanning and penetration testing activities.
• Analyzes and remediates issues associated with ISO 27001 compliance, NIST framework, and other security standards.

Requirements and Skills

• Minimum of 5 years’ experience with regulatory compliance assessments, Information Technology General Controls (ITGCs), control frameworks such ISO27001, SOX, NIST CCF, HIPAA, & GDPR. 
• Strong working knowledge, understanding and experience in building, maintaining, and maturing effective security Governance, Risk, and Compliance functions 
• Experience performing privacy and/or security gap assessments.
• Knowledge of the federal and state privacy rules, regulations, and guidance related to security and privacy including but not limited to:
  1. HIPAA
  2. GLBA
  3. GDPR
  4. CCPA
  5. Safe Harbor framework
  6. Generally Accepted Privacy Principles (GAPP)
  7. NIST
  8. ISO27001
• CISSP, CRISC, CISM, CISA, CIPP US/E and/or other relevant information privacy certifications preferred.
• Experienced in the operational application of privacy laws.
• Bachelor’s or equivalent practical experience combined with relevant certifications required

Understanding the environment in which business operates and associated data protection risks.



Use this link to apply directly: