TMF Health Quality Institute 2016:130: Information Security Risk and Compliance Analyst II in Austin, Texas
Performs highly complex (senior-level) information technology compliance work. Provides guidance, expertise, and internal consultancy in Information Technology (IT) compliance through effective and efficient application of the regulatory requirements. Ensures the organization is applying the appropriate amount of security controls as determined by company strategy and regulators. Works under limited supervision, with moderate latitude for the use of initiative and independent judgement.
Essential Responsibilities:
Provides leadership and subject matter expertise to drive effective and efficient IT compliance with Federal Information Security Management Act (FISMA) and National Institute of Standards and Technology (NIST) 800-53 controls.
Liaises, coordinates and engages with external and internal stakeholders on all IT audit and security assessment activities, and facilitates with all stakeholders the preparation and presentation of appropriate examination materials.
Supports the documentation preparation and ongoing maintenance of all IT audit, assessment, and plan of action materials.
Provides internal consultative and partnership support to IT and other staff to develop secure processes and technology in compliance with FISMA, Centers for Medicare & Medicaid Services (CMS) Information Security Acceptable Risk Safeguards (ARS), NIST 800-53, and any other related programs.
Manages and facilitates IT security risk and exception management processes in accordance with company policies.
Serves as the point of contact for compliance requirements, audit tracking, and remediation activities, and as the intake recipient for risk management processes.
Executes compliance processes to support and maintain FISMA/CMS accreditation.
Promotes, sponsors, and recommends IT compliance processes, projects and programs to support and maintain company compliance with FISMA and other regulatory compliance frameworks as needed.
Participates in special projects and performs other duties as assigned.
Minimum Qualifications
Education
Bachelor's degree from an accredited college or university in business, computer science, accounting, finance, or a related discipline.
Additional experience in IT audit program preparation, risk assessments, integrated audit approaches, and evaluation of internal controls or other related areas may be substituted for a Bachelor's degree on a year-per-year basis. (Experience requirements may be satisfied by full-time experience or the prorated part-time equivalent.)
Certification
Professional security certification, such as CISSP, CISA, or CIA, preferred
Experience
Three (3) years of IT audit program preparation, risk assessments, integrated audit approaches, and evaluation of internal controls
Facilitating compliance with FISMA and the NIST SP 800 family of standards and guidelines, preferred
GRC platform experience, preferred
Big 4 accounting firm or previous role within a similar organization, preferred
Knowledge, Skills and Abilities
Considerable knowledge of
Program/project planning, development and management methodologies
Information security systems planning and support operations
Information security development using analysis, design and documentation methodologies
Business continuity planning, auditing, and risk management
Working knowledge of
Federal information security requirements, standards, and guidelines such as NIST, FIPS, and FISMA
Applicable computer software applications and hardware
Management information security systems
Capabilities and limitations of equipment
Applicable laws, rules and regulations
Expert skill in
Analyzing and organizing technical data
Communicating complex ideas and information clearly, concisely and effectively
Conveying technical information to technical and non-technical audiences
Proficient skill in
Anticipating and adjusting for problems/roadblocks
Contributing to/guiding groups in defining objectives, staying on task and reaching consensus; soliciting participation, challenging ideas and summarizing accomplishments and planned actions
Evaluating results and making necessary adjustments to meet deadlines
Planning methods, techniques and strategies
Developing and giving presentations
Interpreting and analyzing legislation, rules and regulations
Facilitating groups using effective communication methods
Maintaining effective working relationships with individuals and groups
Persuasion and negotiation of critical issues
The use of personal computers and applicable programs, applications and systems
Ability to
Multitask and meet deadlines
Exercise logic and reasoning to define problems, establish facts and draw valid conclusions
Make decisions that support business objectives and goals
Identify and resolve problems or refer issues appropriately
Communicate effectively verbally and in writing
Adapt to the needs of internal and external customers
Show integrity and ethical behavior; respect confidentiality, business ethics and organizational standards
Assure compliance with regulatory, contractual and accreditation entries
Work Environment
Requires working in an office/cubicle environment; sitting, standing, walking, bending, twisting and/or reaching. Requires repetitive movement; ability to lift, carry or move up to 25 lbs. when transporting work equipment or materials. May require ability to operate a motor vehicle; the ability to travel by motor vehicle and commercial airline. May require overnight travel.