IT Security Compliance Manager (Contract) – Downey, CA

This is a short-term contract opportunity in Sunny California with one of our large public sector clients. Our client is currently in need of one full-time Consultant to serve as an Information Technology (IT) Security Compliance Manager (SCM) in their Cyber Governance and Operations branch (CGO).

The CGO IT Security Compliance Manager will be responsible for continuous evaluation of the design and effectiveness of IT controls based upon industry best-practice models (e.g. COBIT, ITIL, FISMA, FEDRAMP, NIST, ISO, OMB, etc.) in accordance with compliance requirements, and provides a systematic, disciplined approach to the analysis of operational business and governance processes to conform to IT standards and regulations.

The CGO IT SCM is responsible for proactively working with multiple departments and business units in order to monitor and ensure the compliance to agree upon policies, standards, contractual and regulatory standards/requirement for information security and data protection. The candidate should demonstrate enthusiasm and interest in Information Security, have a passion for collaborating with various resources across multiple departments and business units.

In addition, the SCM role requires strong project management, written, and verbal communication skills. The SCM will be required to present information to technical and or non-technical staff and executives on periodic basis.

Duties and Responsibilities

The Consultant shall perform all of the following duties:

  • Provide security expertise in NIST 800-53 and ISO 270001/2 controls, PCI, HIPAA and CJIS compliance and helps CSB to create best practice frameworks, policy creation and business impact analysis
  • Design and implement a program which includes development and implementation of efficient IT policies and procedures.
  • Collaborates and effectively engages with ITS teams, departments’ stakeholders and leadership across the client to develop, define and build risk assessment methodology with identified business priorities
  • Responsible for managing the program to achieve full compliance with the client’s defined IT Controls, and Security programs, and implementation of IT procedures focused on efficiency, effectiveness and risk avoidance.
  • Collaborate with the ITS team, internal audit and the corporate security team to assess, remediate and prevent information technology risks.
  • Management and reporting of risk and security metrics.
  • Perform ongoing education and training in Information Security related areas
  • Development of IT Strategies and roadmap.
  • Provides oversight and project management of various internal and external audits, PCI, HIPAA and CJIS compliance and risk/ control assessment engagements, and regular penetration testing

Minimum Qualifications

The Consultant must meet all the following minimum qualifications:

  1. One or more of the following professional certifications requited: Qualified Security Assessor (QSA), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professionals (CISSP), Certified Information Security Manager (CISM) or Certified Information Privacy Professional (CIPP)
  2. Bachelor’s degree from an accredited college in Technology related discipline (e.g. Computer Science, Engineering, Information Systems, etc.) or equivalent experience/combined education.
  3. Minimum of three (3) years’ experience in the last five (5) years as an IT Security Compliance Manager, supporting a complex enterprise security environment for a large public or private organization.
  4. Minimum of three (3) years of experience in the past five (5) years as an IT Security Compliance Manager, supporting Enterprise Multi-Tenant environment, include responding, containing, remediating, and reporting on the infrastructure connecting to the client’s departments and Public Cloud Providers, such as AWS, Azure and/or GCP.
  5. Minimum of two (2) years’ experience in the last three (3) years analyzing, responding, and remediating enterprise network & security architectures.
  6. Minimum of two (2) years’ experience in the last three (3) years leading IT Security/Information Security teams.
  7. Demonstrated ability to create clear, concise technical documentations such as procedures, Visio diagrams, and system support documents, and strong presentation skills with experience using Microsoft PowerPoint.