Job Description

BTG, in partnership with the top ranked Healthcare company in Florida, has an immediate need for an Information Security Vendor Risk SME.

Requirements of the Information Security Vendor Risk SME

  • 3+ years of IT compliance, IT controls and risk management experience with a minimum of 4 years direct experience in an information security role.
  • A bachelor's degree in Computer Science or technology/information security-related field.
  • Certified Information Systems Security Professional (CISSP) is required.
  • Certified Information Systems Auditor (CISA) is required.
  • Certified in Risk and Information Systems Controls (CRISC) desired, not necessary.
  • Strong understanding of ISO-27000 based security program functional areas and other commonly accepted standards (e.g., NIST, CSA, CIS Benchmarks, Trust Services Principles).
  • Extensive knowledge of relevant legal and regulatory requirements as well as privacy laws.
  • Extensive knowledge of infrastructure, key processes, and technology-oriented risk issues, specifically around security and privacy.

Benefits of the Information Security Vendor Risk SME

  • $52 per hour, depending on experience
  • Full time hours, contract to hire position
  • Medical / Dental / Vision
  • 401k

Responsibilities of the Information Security Vendor Risk SME

  • Perform vendor security assessment activities, including evaluation of vendor controls and practices, process enhancements, performing onsite assessments, and reviewing independent audit service reports.
  • Communicate and track remediation plans with vendors, business and IT partners and, where applicable, recommend mitigating/compensating controls.
  • Continuously monitor vendors' security posture and information security risk.
  • Prepare and review third party due diligence reports for management.
  • Analyze data for a holistic enterprise view for management reporting to ensure that vendor security controls are maintained in line with the company's Third Party Security Minimum Requirements and Vendor Risk Management Program.
  • Work to ensure that security controls are managed and maintained by business and IT partners in line with Information Security company policies, standards, and federal and state security and data privacy laws.
  • Serve as a liaison with the IT and business partners to identify, understand, document, and advise on security requirements, impacts and information and IT risks.
  • Assess the appropriateness and effectiveness of security measures and recommend enhancements.
  • Develop information security processes and procedures and continuously improve security aspects of operating processes.
  • Research the latest information security trends and emerging threats.
  • Perform information security risk assessments on identified IT issues raised by IT and business partners, as needed.
  • Advise and guide business and IT partners regarding compensating control alternatives where security requirements cannot be met, as needed.
  • Track remediation plans with business and IT partners and, where applicable, recommend mitigating/compensating controls, as needed.
  • Continuously monitor IT security posture and information security risk, as needed.
  • Analyze data for a holistic enterprise view for management reporting to ensure that security controls are maintained in line with the company's Information Security Minimum Requirements and Risk Management Program, as needed.
  • Participate in initiatives to identify technical and operational information security controls company-wide, as needed.
  • Validate that technical and operational information security controls are incorporated into new IT systems by participating in all business planning groups and reviewing all new systems/installations and major changes, as needed.
  • Perform information security risk assessments of technology enabled projects, as needed.
  • Participate on IT projects to ensure that security issues are addressed throughout the project life cycle, as needed.

If you believe that your skills and experience are a match for this position, please submit your most current resume and a recruiter will be in contact. Resumes can be submitted via e-mail to apply@btginc.com, or you can apply online at https://jobs.btginc.com. You may also give us a call at 904-998-9414 to speak to a recruiter.
