IT Security Auditor
*Local to Richmond, VA only please
*This is a hybrid position with 2 days/week onsite
Description:
- The clients Health Benefit Exchange division is seeking an experienced IT auditor to support our transition to a new security standard and strengthen our third-party risk management program.
- This role will help interpret and implement updated security requirements conduct audits and assessments of both internal processes and external vendors and partners evaluating controls and recommending improvements.
Responsibilities:
- Assess current security controls and processes against new CMS IRS and the clients security standards.
- Identify gaps and recommend remediation steps to achieve and maintain compliance.
- Plan lead and execute development and updates to policies procedures and documentation to reflect requirements.
- Design implement and train on the process for assessing partners and vendors ensuring alignment with security standards.
- Develop assessment tools workflows and scoring model to evaluate and measure the effectiveness and compliance of vendor and partner security controls.
- Evaluate the security posture of vendors and partners to ensure information security contractual information sharing and data sharing agreement requirements are met.
- Test the effectiveness of operational and management controls using interviews document reviews and observation.
- Analyze assess report and present on audit findings risk exposure and recommendations.
- Support information security continuous monitoring and incident response programs.
- Perform related work as required.
Required Skills/Knowledge/Experience:
- Audit and compliance/information security/information technology experience or combination thereof, Required 8 Years
- Information Security control audit and assessment experience, Required 4 Years
- NIST 800-53 or other security framework, Required 4 Years
- Perform testing, analysis, reporting, and develop remediation plans for compliance with operational and management controls, Required 4 Years
- Develop and update policies, procedures, and documentation, Required 2 Years
- Healthcare, health insurance, or ACA, Desired 2 Years
- Industry recognized certification – CISA, CIA, GSNA, CISSP, or equivalent, Desired 2 Years
Proper email communication will only be done to and from @astyra.com email addresses. Please ensure you are communicating with approved Astyra recruiters by checking this point when receiving offers and messages from us. Please ensure you are communicating within these guidelines and proper channels for the quickest possible interview consideration!
#AC