Information Security Risk/Audit Manager - Remote

Remote Full-time
About the position

The Information Security Risk/Audit Manager plays a crucial role in supporting the information security program for state government healthcare information systems. This position serves as a central point of engagement for security and compliance related to company resources shared among state government solutions. The role requires a seasoned subject matter expert with a passion for security and compliance, excellent communication skills, and a leadership mindset to manage the latest threats and related laws and policies governing information security.

Responsibilities

• Facilitate planning internal and external assessments over shared services used by various government IT solutions.
• Review all assessment evidence, assessment reports and remediation plans for assigned technology inventory; work with management to finalize issues, report content and remediation plans.
• Make recommendations to improve the control design and operating effectiveness / efficiency or comply with company policies and legal / regulatory requirements.
• Demonstrate and apply a clear understanding of various government control frameworks such as NIST, MARS-e, and IRS 1075.
• Develop and maintain a collaborative, value-added relationship with all team members supporting your assigned technology inventory and assist with control education and interpretation.
• Assist internal and external assessment teams with understanding day to day operating procedures within assigned inventory environments and ensure test approach matches.
• Review policy and procedural updates as well as operating evidence and assess for compliance to defined controls.
• Maintain documentation on assigned inventory indicating current compliance model and maturity in place as well as open remediation plans and recommendations.
• Coordinate and participate in the continuous monitoring program of audits/assessments, penetration testing and vulnerability scanning.
• Conduct vulnerability and POA&M management, remediation, and reporting to leadership and customers.
• Look for opportunities to re-use assessment evidence and reduce the assessment burden on our internal partners.
• Perform vendor validations over their compliance status to ensure they are meeting contractual obligations.

Requirements

• 4+ years of IT risk controls, IT internal audit, and/or public IT accounting experience
• 2+ years of experience with evaluating system, network, or infrastructure security controls against requirements such as FISMA, NIST, MARS-E, HIPAA, SSA and IRS standards
• 2+ years of prior experience working with internal and external customers developing, maintaining relationships and facilitating regulatory assessments
• 2+ years of experience evaluating remediation activities against risk

Nice-to-haves

• IT security certifications (e.g. CISSP, CISA, CPA, and/or CIA certification)
• Bachelor's degree in Management Information Systems (MIS), Computer Science, Accounting or related discipline
• Current experience providing information security support to government clients
• Proven specialized knowledge and experience with the implementation of the NIST Special Publication (SP) 800 family of publications, particularly those associated with the Risk Management Framework
• Experience interacting & collaborating with a variety of stakeholders (other team members, internal customers, and executives) and be able to provide measurable results without authority

Benefits

• 401(k) matching
• comprehensive benefits package
• incentive and recognition programs
• equity stock purchase