Governance, Risk, and Compliance (GRC) Consultant

Posted: 3 months ago

· Information Security Strategy and Risk Management
· Information Security Policies, Procedures and Best Practices
· Enterprise Security Monitoring and Compliance
· Security Information and Event Management System (SIEM) implementation and configuration
· Incident Management and Response
· Vulnerability and Patch Management
· Mobile Device Management Deployment
· Database Information Security Controls
· Identity Management
· Privileged Access Management
· Data Level Protection (DLP)
· Secure Application Development Support and Training
· Information Security Audit and Test Support
· Third Party Security Reviews
· Data Classification
· IT Records Retention
· Customer Cyber Security Awareness

· Advanced training and cyber security certifications a plus.
· 10 plus years in the information security field.
· Knowledge or training in security appliances, software, networks, hardware, etc.
· Understanding of frameworks and standards, such as SANS Institute Critical Security Controls, ISO/IEC 27001/2, COBIT 5, NIST and Risk Management Frameworks, as well as Privacy Act and other rules and regulations.
· Understanding of cyber-security principles such as encryption, ports, protocols & services, policies, procedures, physical security, risk management, configuration management, ethics, access control, security architecture, continuity of operations, contingency planning, application security, etc.