Position Description:
• Support the implementation and ongoing cadence of the GRC Component Assessment and Control Testing Processes to internal defense personnel and project teams.
• Create and publish supporting documentation for new/updated processes.
• Create and deliver audience specific training and communications for new/updated processes to IT and Business partners.
• Work effectively with cross-functional and cross regional stakeholders with varying levels of business/technical skills.
• Collect sufficient quantitative and qualitative data to accurately describe the current state, desired state, and root cause(s) of gaps, with guidance from others.
• Analyze the future needs of customers and the enterprise, and translate these actions to enhance and mature the GRC program.
• Address potential business/financial impacts, inter-related systems and risks associated with new processes and approaches.
• Identify risks and issues across the multiple projects that form complex programs and large projects and support their mitigation.
• Engage stakeholders to gain consensus on shared vision of project outcomes. (link removed) Anticipate up and down stream impacts and predicts/addresses obstacles.
• Identify and assist in the resolution of conflicting business goals and systemic issues to enable business value realization.
• Propose corrective actions to address management and governance problems within the program or project.
Skills / Experience Required:
• 3-5 years experience in risk management
• 3-5 years experience working with control assessment and testing processes.
• 3-5 years experience working with ISO 27001/2 standards, Information Security policies, risks and controls.
• Excellent verbal and written communication.
Experience Preferred:
• Process Improvement mindset.
• Knowledge of Application Development lifecycles.
• Self-Starter who can work in ambiguous situations and drive to a solution.
• Strong organizational skills; able to advance multiple work streams concurrently.
• Prior experience working on Governance, Risk and Compliance (GRC) tool would be a plus.
• Able to function as a delivery lead for key program elements associated with the position.
• Understanding of Compliance and Regulatory requirements e.g. (S-Ox, HIPAA, GLBA etc.).
Education Required:
• B.S. Information Systems, Computer Science or equivalent work experience in the requested field