GRC Information System Security Manager

Montgomery, Alabama
Information Technology
Job Type
Temp to Perm
US$ 95,000 - US$ 115,000 per year
Ref. Number
Hart,Patrick, Spherion

Job Description

GRC Management is primarily an audit and compliance team. This team will maintain the organization's system security documentation, including (but not limited to) the following:
- Systems' Security Concept of Operations
- System Security Plans
- Plans of Action & Milestones
- System Authorization to Operate (ATO) Packages
- Risk Assessment Reports
- Interconnection Agreements

Duties & Responsibilities:
- Interfaces with assessors and auditors as well as Medicaid Stakeholders and IT Personnel to facilitate senior leadership knowledge of organizational risk levels, the development of system security documentation, and reporting requirements.
- Ensures, through documentation, reporting, and communications with Medicaid Stakeholders and IT Personnel, that protection and detection capabilities are acquired and developed consistent with the organization-level Security Architecture and Security Policies and Standards, and prioritizes vulnerability remediation efforts according to organizational and security strategies.
- Evaluates and approves development efforts through the use of Security Assessment reports, in conjunction with the Medicaid Technical Security Assessment team, to ensure that baseline security safeguards are appropriately implemented.
- Advises the Chief Information Security Officer on risk levels and security posture as well as the results of cost/benefit analysis of information security program policies, procedures, and technological implementations.
- Prepares, distributes, maintains and assists in the development of plans, instructions, guidance, and standard operating procedures concerning the security of organizational system operations.
- Reviews organizational external agreements and internal system designs to provide input on security requirements and evaluates associated proposed security architectures and designs to ensure that architectures and designs adequately meet requirements.
- Other duties as needed

Working hours: Monday through Friday, 8 am - 5 pm

Minimum Requirements:
Bachelor's degree from an accredited four-year college or university in Engineering, Computer Science, Math, Information Technology or a related field.

Experience Requirements:
- Ten (10) years' Information Technology experience with at least 3 years' experience in enterprise network or systems administration.
- Two (2) years' experience working in Risk Management Framework.
- Four (4) years' experience working as an Information Systems Security Manager, Security Control Assessor, or related Information Assurance role on system Certification & Accreditation or System Assessment & Authorization.
- One (1) year of experience in a leadership role over three (3) or more subordinate team members.

Spherion has helped thousands of people just like you find work happiness! Our experienced staff will listen carefully to your employment needs and then work diligently to match your skills and qualifications to the right job and company. Whether you're looking for temporary, temp-to-perm or direct hire opportunities, no one works harder for you than Spherion. EEO Employer: Race, Religion, Color, National Origin, Citizenship, Sex, Age, Disability, Ancestry, Veteran Status, Genetic Information, Service in the Uniformed Services or any other classification protected by law.
