Please share the profile: [email protected]
Position: Business Analyst with Compliance and Risk
Location: Washington, DC
Duration: 6+ Months

Please help with two best resumes ASAP.

Terms of Reference for an Information Technology Compliance Contractor

Background/General Description:

The ITS Information Security and Risk Management (ITSSR) unit, headed by the Chief Information Security Officer (CISO), is responsible for providing leadership in managing the functions and activities of information security and risk management across the World Bank Group, enabling the achievement of WBG’s business objectives. ITSSR enables and facilitates a risk aware culture, ensures that WBG information assets are protected in an effective, efficient, and balanced manner; and IT security and risk management efforts throughout the World Bank Group are coordinated and aligned to the Bank's business and IT strategy.

ITSSR establishes and maintains the World Bank Group's IT and information security policies and standards; develops and engineers the WBG’s information security plans and solutions; responds to security incidents; and ensures that information risks are identified, assessed, and managed in a consistent manner with the overall risk management approach and established risk appetite and tolerance.

ITSSR consists of the following units: 1) ITS Risk Management and Security Advisory, 2) Compliance, 3) Policy, 4) ITS Security Operations, and 5) Program Management Office (PMO).

Duties and Accountability

The primary responsibilities of include, but are not limited to, a combination of the following:

· Assist in the development and implementation of sustainable compliance framework and processes in the WBG to meet IT policies, business requirements; and applicable legal and regulatory requirements;
· Develop and maintain documented processes, process maps, standard operating procedures and relevant control matrices.
· Validate IT key controls to identify control risks, analyze root causes and trends in potential control weaknesses. Suggest new controls to meet compliance standards where applicable. Develop prioritized implementation plans to address identified risks.
· Conduct compliance assessments/reviews to ensure that WBG is in compliance with applicable control requirements.
· Assist in ISO 27001 & ISO 20000 certification efforts including risk assessments, internal compliance assessments and scope expansion.
· Perform and expand continuous monitoring processes to assess compliance with IT policies and standards;
· Assist in monitoring open audit items from audits such as WBG internal audit department (IAD) IT audits, external financial audits on Internal Controls over Financial Reporting (ICFR); and ISO 27001 & ISO 20000 certification audits to ensure execution of remedial activities defined in the agreed action plans and risk treatment plans;
· Perform other duties in the compliance work program as assigned.

Selection Criteria

· Demonstrated experience in implementing compliance frameworks for financial services organization or organizations with similar information security needs and requirements;
· Familiarity and understanding of broad range of IT hardware and software products;
· Thorough understanding of industry standards and regulations including COBIT, COSO, and SOX;
· Good knowledge and demonstrated work experience of the use of ISO 27001 control framework and Information Security Management System (ISMS) implementation;
· Good knowledge and demonstrated work experience in the use of ISO 20000 control framework and IT Service Management implementation;
· Demonstrated knowledge of IT and security controls for network, database, application and operating systems.
Strong knowledge and work experience with logical access controls;
· Thorough understanding of information security risk assessment frameworks including but not limited to those from ISO and NIST;
· Knowledge of ERP and financial system including but not limited to SAP, PeopleSoft and Summit, enterprise GRC systems such as BWise and RSAM;
· Possession of industry certifications highly preferred including, but not limited to Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) and Information Systems Security Management Professional (ISSMP);
· Ability to work independently and within groups; must be self-motivated and able to work independently with minimal supervision;
· Possess excellent written and verbal communication skills, presentation, and problem solving skills and be able to interact well with peers and internal customers;
· Highest ethical standards

Regards,
Alok Kumar
(Team Lead)
Technology Resource Group
3736 Hills-dale Court
Santa Clara, CA 95051
[email protected]
Office 408-709-1760 EXT- 930, Fax: 408-884-2409
http://www.linkedin.com/profile/view?id=96798533&trk=tab_pro
IM: kumaralok.recruiter
Gtalk: [email protected]

--
You received this message because you are subscribed to the Google Groups "Oracle Users" group.
