Certified Information Security Auditor

*Must live in PST- May be asked to travel to sites for audits*

• Lead, plan, and conduct periodic cyber and information security risk assessments and audits of third parties enterprise-wide.
• Identify, assess, and document cybersecurity risks for Customer and its suppliers.
• Partner with internal and external auditors to facilitate compliance audits and mitigate findings.
• Manage documentation (e.g., requesting, reviewing, preparing) for regulatory and compliance audits & assessments.
• Ensure compliance with applicable regulations (e.g., HIPAA, NYS DFS) and industry standards (e.g., NIST).
• Develop and maintain security policies, plans, charters, standards, and procedures.
• Promote security awareness through communication, training, and documentation.
• Develop and maintain dashboards to manage and communicate risk to relevant stakeholders.
• Develop and monitor metrics and prepare reports for senior management.
• Monitor the inventory for vendors and suppliers.
• Identify risks and recommend process improvements in the third-party risk management and supply chain program.
• Build strong partnerships and collaborate with cross-functional teams.
• Lead and execute third-party risk mitigation strategies and corrective action plans.
• Monitor and manage third-party risks using GRC and security tools.
• Stay current on developments in the industry and within the company.

*This is NOT open to third parties or hourly referral. Visa sponsorship is not available.*Romack is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, creed, religion, national origin, sex, sexual orientation, gender identity and expression, age, disability, or Vietnam era, or other eligible veteran status, or any other protected factor

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

*Must live in PST- May be asked to travel to sites for audits*

• Lead, plan, and conduct periodic cyber and information security risk assessments and audits of third parties enterprise-wide.
• Identify, assess, and document cybersecurity risks for Customer and its suppliers.
• Partner with internal and external auditors to facilitate compliance audits and mitigate findings.
• Manage documentation (e.g., requesting, reviewing, preparing) for regulatory and compliance audits & assessments.
• Ensure compliance with applicable regulations (e.g., HIPAA, NYS DFS) and industry standards (e.g., NIST).
• Develop and maintain security policies, plans, charters, standards, and procedures.
• Promote security awareness through communication, training, and documentation.
• Develop and maintain dashboards to manage and communicate risk to relevant stakeholders.
• Develop and monitor metrics and prepare reports for senior management.
• Monitor the inventory for vendors and suppliers.
• Identify risks and recommend process improvements in the third-party risk management and supply chain program.
• Build strong partnerships and collaborate with cross-functional teams.
• Lead and execute third-party risk mitigation strategies and corrective action plans.
• Monitor and manage third-party risks using GRC and security tools.
• Stay current on developments in the industry and within the company.

*This is NOT open to third parties or hourly referral. Visa sponsorship is not available.*Romack is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, creed, religion, national origin, sex, sexual orientation, gender identity and expression, age, disability, or Vietnam era, or other eligible veteran status, or any other protected factor

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.