*One day per week onsite in Detroit required.
Summary:
Develop and manage information security initiatives for multiple IT functional areas across the enterprise related to risk management, mitigation and response, compliance, control assurance, and user awareness. Develop and drive security strategies and policies/standards, ensure the effectiveness of solutions, and provide security-consultative services to the organization.
Top 3 Required Skills/Experience:
- Five years of combined IT experience preferred, including two years of IT security work
- IT Audits
- Knowledge of security and risk frameworks (e.g., HITRUST, NIST)
Education/Experience:
- Certified Information Systems Security Professional (CISSP), CISA, CPA/CA, CISM or other equivalent professional certification is required. CISSP certification preferred.
Job Responsibilities:
- Evaluate the design and operating effectiveness of Business/IT operations against the HITRUST CSF and identify areas of improvement
- Interview SMEs, examine evidence documentation, analyze and perform testing
- Learn the company functions/processes by conducting process walkthroughs
- Analyze the root cause of issues and provide recommendations for process improvements and risk mitigation based on assessment findings
- Collaborate with cross-functional teams to mitigate risks and ensure compliance with HITRUST CSF
- Deliver effective and concise documentation that meets HITRUST quality standards
- Prepare and provide reporting, such as dashboards and metrics, on various areas of performance, issue analysis, and assessment statuses