Our History:
From our start in 2009, Conexess has established itself in 3 markets, employing nearly 200+ individuals nation-wide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies to mid-small range companies. For the majority of the mid-small range companies, we are exclusively used due to our outstanding staffing track record.

Who We Are:
Conexess is a full-service staffing firm offering contract, contract-to-hire, and direct placements. We have a wide range of recruiting capabilities extending from help desk technicians to CIOs. We are also capable of offering project-based work.

Conexess Group is aiding a large healthcare client in their search for a Controls Scoping Advisor in a hybrid capacity. This is a long-term opportunity with a competitive compensation package.
- This is a hybrid position requiring a candidate local to one of the following locations:
- Bloomfield, CT
- St. Louis, MO
- Philadelphia, PA
During onboarding/training, the worker would be required to be onsite 5 days a week and can then move to a 3-day in-office schedule.

Responsibilities:
- Partners with the enterprise to develop and implement security solutions and capabilities that are aligned with business, technology and threat drivers.
- Performs critical security reviews of applications and systems on enterprise projects.
- Performs focused risk assessments of existing or new services, technologies and security architecture; identifies design gaps and risks; and recommends security enhancements.
- Reviews design artifacts such as network diagrams, data flow diagrams and scan reports, and provides feedback and guidance.
- Assists project teams in the implementation of security measures to meet corporate security policies, standards and external regulations, e.g., Sarbanes-Oxley, HIPAA.
- Maintains appropriate security documentation for applications and systems.
- Communicates risk assessment findings to information security customers or business partners.
- Serves as an information security expert and trusted advisor to partners in IT and the business to enable them to make informed risk management decisions.
- Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing residual risk.
- Maintains strong working relationships with individuals and groups involved in managing information risks across the organization.
- Stays up-to-date on current and emerging security threats and designs security architectures to mitigate them.
Qualifications:
- BS or MA/MS in Computer Science, Information Security, or a related field is preferred OR equivalent work experience with the preferred certifications outlined below:
- Certified Information Systems Security Professional (CISSP), Certified Cloud Information Professional (CCSP), Certified Information Security Manager (CISM), and/or Certified Risk and Information Systems Control (CRISC), Security+, Network+, etc.
- Strong communication skills: ability to speak to and document risks and possible solutions, and to clearly articulate these to the business in layman's terms if necessary.
- Experience of working in an agile environment and Secure Software Development Lifecycle (SSDLC)
- Working knowledge or understanding of the following technologies/solutions/methodologies:
  - Secure application architecture design and review
  - Secure web services and mobile app design and review
  - Encryption, hashing and key management
  - Multifactor authentication, logging and vulnerability management
  - Cloud computing (AWS, Azure, Google, Private)
  - OpenStack, ACI, OpenShift, Docker
  - Static and dynamic code scans