Our client, a mid-sized, fast-growing enterprise cloud start-up in NYC, is looking to hire an IT Security Compliance Consultant for a long-term engagement (contract to perm). The IT Security Compliance Analyst is responsible for assessing and documenting the company’s controls and risk posture as they relate to its key business and technology processes, and for further ensuring that its cloud technology and information security are in compliance with US federal government standards (FedRAMP). The purpose of this position is to provide highly skilled technical consulting expertise for the development and implementation of the compliance program, specifically as it relates to FedRAMP. Responsibilities require assessment of controls/processes against industry and FedRAMP standards and applicable regulations; awareness and education; and development of policies, standards and guidelines.
Reporting Position: The IT Security Compliance Consultant will report directly to the company’s Director of IT Compliance.
Duties and Responsibilities
Policy/IT/Federal Government Compliance
Execute the system-wide IT compliance initiatives, ensuring IT activities, processes, and procedures meet defined industry and US federal government security requirements, policies and regulations (FedRAMP).
Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
Perform internal control assessments against business processes to ensure operational effectiveness and sustainability
Establish compliance dashboards including key operational metrics and IT compliance risks
Assist the organization with developing controls to remediate audit findings and prevent reoccurrence
Interact, in both oral and written communications, with all levels of the compliance, product and engineering teams, US federal government agencies, external auditors, and technology vendors and contractors in matters related to compliance activities.
Support External Audit and external entities, including the US Federal Government and third-party assessment organizations, as appropriate, on required IT cloud compliance control assessments and audits