Note: Need H1B Copy Mandatory,
*** Resumes lacking these skills will be rejected ***
*Travel within USA for onsite risk assessments required. Travel Required: Up to 50%*
*What is the specific title of the position? *
Sr. IT Security Consultant - Vendor Information Security Risk Assessment
*Is this person a sole contributor or part of a team? *
Part of a team
*If so, please describe the team? *(Name of team, size of team, etc.)
Reporting to the VISRA Team, the individual will act as a liaison & SME for
internal departments & vendors to successfully perform Onsite Risk
Assessments in USA. We leverage HITRUST CSF Version 7.0 for our program.
*What are the top 5-10 responsibilities for this position? (Please be
detailed as to what the candidate is expected to do or complete on a daily
• Perform and manage Onsite Risk Assessments as per process documents
• Ensure vendor compliance with the business agreement, policies, procedures,
& regulations along with ability to map controls and compliance requirements
• Review vendor supplied policies & procedures, internal/external
assessment reports, agreements and provide feedback
• Provision assessment reports and executive summaries with recommendations
& direction regarding remediation efforts and disposition of the third party
• Communicate, escalate, and track vendor progress on assessment
• Act as a liaison & SME for internal departments & vendors to successfully
manage Vendor Risk Assessment
• Understand information security risks that are inherent to a business and
articulate those risks in business terms
• Maintain current knowledge on information security topics and their
applicability to program requirements
• Engage VRO regarding any delays/deviations during remediation
What software tools/skills are needed to perform these daily
• Advanced-level experience in MS Word, MS Excel, MS PowerPoint, etc.
*What skills/attributes are a must have? *
• Experience working with senior levels of management
• Good follow-up skills and detail oriented
• Security expertise including knowledge of different security risk
assessment frameworks (NIST/OCTAVE), standards
(ISO 27001/HITRUST/ITIL/COBIT), and acts such as HIPAA/GLBA.
• Experience in examining the SSAE 16 Audit report
• Knowledge and understanding of different security products (web/email
filtering, disk encryption, IDS/IPS, antivirus, DLP, firewall etc.)
• Knowledge of software development methodologies, application security,
and OWASP Top 10 guidelines
• Ability to document assessment work papers and prepare assessment reports
• Ability to manage vendor assessment independently with minimal supervision
• Strong Communication and Presentation Skills
*What skills/attributes are nice to have? *
• Possess good project management skills
*Vijay* *|* *Ph:* 972-256-8187 *|email: * vij...@techstargroup.com
<j...@conglomerateit.com>* | |* *Techstar Group Inc*.* |*