Position: Cybersecurity Consultant/Compliance Consultant
Location: Dallas, Taxas
Duration: Contract
Visa Status: = USC or GC holder
Experience: 7-10 Yrs.
Note: Be sure all of the required skills are on the resume such as (NIST, GRC, Data Privacy, compliance, PCI DSS (Payment card industry data security standard)
Skill Required:
Governance, Risk Management & Compliance (GRC)
Compliance Assessments
Date Privacy
NIST 800-53
Privacy Compliance
Security Compliance
Payment Card Industry Data Security Standard (PCI DSS)
Responsibilities:
Perform security and privacy compliance assessments to confirm solution compliance with different industry and government standards and frameworks.
Prepare compliance documentation such as security plans, plan of action and milestones, security roadmaps, policies, standards, and procedures.
Lead documentation delivery, evidence collection, and remediation reporting for client or third-party audits and assessments·
Collaborate with stakeholders to collect and analyze evidence required to demonstrate compliance with standards.
Conduct interviews with stakeholders to gather information and assess the security and privacy posture of an organization and its systems.
Make implementation recommendations for new processes, solutions, or updates to existing solutions/processes that support adherence to industry standards and enhance an organization’s security posture.
Lead the process of obtaining necessary approvals for cybersecurity artifacts (e.g., security plans, roadmap)
Automate security and privacy compliance assessments with GRC solutions.
Qualifications:
Bachelor's degree from an accredited college or university in information technology, decision and information sciences, computer science, or related discipline, or equivalent work experience.
Deep understanding of one more cybersecurity domain (e.g., identity and access management, infrastructure/cloud security, applications security)
Experience with controls architecture and design, and testing
Good verbal and written communication skills
Technical acumen to drive conversations with stakeholders that bring little security/compliance experience on regulatory requirements and how to
satisfy them
Knowledge on NIST SP 800-53, CMS MARS-E 2.2, FedRAMP, HIPAA, PCI, State RAMP, SOC 2 Type II, and other relevant industry and government
cyber security compliance standards and frameworks
Understanding of GRC solutions.