Information Security Compliance Principal
One of our clients, a medical devices and services company, is looking for an
Information Security Compliance Principal.
** Must be authorized to work in the US for ANY EMPLOYER.
No H1 visa support for this position.
The Location is Northern New Jersey
Permanent position with great benefits.
Hybrid commute - 2/3 days home/office.
To be considered immediately please send your resume to igork@brainsworkgroup.com
Role
- Develops, implements, updates, and enforces data and security-related privacy policies, standards and procedures, and corrective actions as needed.
- Maintains current knowledge of applicable data protection laws, security standards, information technology trends, and accreditation standards.
- Evaluates and improves processes for investigating, documenting, and reporting unauthorized access or disclosure of personal information.
- Maintains and updates the information management system in collaboration with legal and governance teams.
- Provides risk assessments and security briefings to management and advises them of critical issues that may affect customer or corporate security objectives.
- Creates and delivers privacy and security-related training programs for all employees, contractors, and any appropriate third parties.
- Leads risk assessments, audits, policy, governance, and/or reporting.
- Maps controls to policies, procedures, and processes; tests such controls to ensure adequate coverage.
- Evaluates and recommends security products, services, and/or procedures to enhance productivity and effectiveness.
- Manages vulnerability scanning and penetration testing activities.
- Analyzes and remediates issues associated with ISO 27001 compliance, NIST framework, and other security standards.
Requirements and Skills
- Minimum of 5 years' experience with regulatory compliance assessments, Information Technology General Controls (ITGCs), and control frameworks such as ISO 27001, SOX, NIST CCF, HIPAA, and GDPR.
- Strong working knowledge, understanding, and experience in building, maintaining, and maturing effective security Governance, Risk, and Compliance functions.
- Experience performing privacy and/or security gap assessments.
- Knowledge of the federal and state privacy rules, regulations, and guidance related to security and privacy, including but not limited to:
  - HIPAA
  - GLBA
  - GDPR
  - CCPA
  - Safe Harbor framework
  - Generally Accepted Privacy Principles (GAPP)
  - NIST
  - ISO 27001
- CISSP, CRISC, CISM, CISA, CIPP US/E and/or other relevant information privacy certifications preferred.
- Experienced in the operational application of privacy laws.
- Bachelor's degree or equivalent practical experience combined with relevant certifications required.
- Understanding of the environment in which the business operates and the associated data protection risks.
Use this link to apply directly: