Jobs

Job List

Current Job Openings
____________________________________________________________________________________________________

BARR Advisory
(Virtual) Senior Consultant, Cyber Risk Advisor 
Interested applicants should send their cover letter and résumé to  lhannawald@barradvisory.com. 
Senior_Consultant__Cyber_Risk_Advisory_Job_Description__4_.pdf

_____________________________________________________________________________________________________
Cerner

Lead Governance, Risk & Compliance Security Analyst:

 The Lead Governance, Risk and Compliance Security Analyst will be on the front lines of our Cerner Next strategy as we build and drive our Cloud Security Compliance initiatives while integrating into the overall enterprise compliance program. They will help develop a security framework and controls strategy to meet Cerner’s regulatory and client compliance requirements. Additionally, they will lead in efforts to mature our security compliance program to a state of competitive advantage. 

 As a Lead Governance, Risk and Compliance Security Analyst you will lead a compliance program that will oversee the implementation of multiple compliance requirements across the organization, while working to minimize impact on lines of business. You will assist in the development of a Cerner Security Controls Framework based on Industry Standards (e.g. NIST 800-53, HITRUST, PCI, ISO). You will develop a strategy to maintain evidence and documentation to demonstrate Cerner’s compliance. You will develop relationships across organizations to execute and complete projects according to plan. You will influence organizational change to comply with requirements. You will facilitate and manage risk-based control remediation activities. Lastly, you will become trusted advisor / subject matter expert and effectively communicate with external auditors. 

 Basic Qualification 

  • Bachelor’s Degree in Information Systems, Computer Science, Engineering, CIS, MIS, Accounting or related field or equivalent work experience
  • At least 7 years of Information technology security programs, audits, assessments, risk, or remediation management work experience
  • At least 4 years of Privacy law, data protection/security regulations, and frameworks, such as BITS, HITRUST CSF, COBIT, NIST and ISO27002 work experience

 Preferred Qualifications 

  • At least 5 years of experience scoping and leading large-scale information security compliance programs in an enterprise setting
  • At least 2 years of experience using the Cloud Shared Responsibility model and integration of the model into a security compliance program
  • Prior experience implementing multiple frameworks & controls across an organization and minimize impact on lines of business
  • Prior experience leading the adoption of GRC technology for a compliance program
  • Relevant security certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CISMP (Certificate in Information Security Management Principles) a plus

 Expectations 

  • Willing to work additional or irregular hours as needed and allowed by local regulations
  • Work in accordance with corporate and organizational security policies and procedures, understand personal role in safeguarding corporate and client assets, and take appropriate action to prevent and report any compromises of security within scope of position
  • Perform other responsibilities as assigned


Senior Governance Risk and Compliance Analyst

 Being a member of Enterprise Security Governance Risk and Compliance team provides an exciting opportunity to be part of an innovative and dedicated team of security and audit professionals.

The Senior Governance, Risk & Compliance Analyst will be responsible for the security governance, risk management, and compliance across the enterprise. They will establish corporate security requirements by evaluating business strategies and requirements, researching information security standards, performing risk assessments, identifying integration issues, and provide recommendations for remediating identified risk. Additionally, they will lead the review and formal approval process for policy updates. Key responsibilities will be to ensure Information Security Policy and Standard documents meet or exceed industry standards, compliance requirements and customer/client expectations, coordinating internal and external audits and maintaining the Information Security Program documentation. 

 Basic Qualifications

  • Bachelor's degree in Information Systems, Computer Science, Engineering, Computer Information Systems, Management Information Systems, Accounting or related field or equivalent relevant work experience
  • At least 5 years in Information Technology security programs, audits, assessments, risk, or remediation management work experience
  • At least 2 years of Privacy law, data protection/security regulations, and frameworks, such as BITS, HiTrust, COBIT, NIST and ISO27002 work experience

Preferred Qualifications

  • Experience with information security risk management
  • Experience with data privacy/protection
  • Experience with ISO 31000, 27005, 27001, 270017, HIPAA, NIST 800-53, PCI DSS, SSAE 18and/or other risk-centric standards and frameworks
  • Internal or external IT audit experience a plus
  • Archer experience a plus
  • Cloud Security Alliance experience a plus
  • CRM (Certified Risk Manager), PRM (Professional Risk Manager), ISO 27005 Risk Manager, CRMA (Certification in Risk Management Assurance), CERA (Chartered enterprise Risk Analyst), CISA (Certified Information Systems Auditor) or other risk or audit credentials a plus
  • Security+, SANS GIAC, CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager) or CISMP (Certificate in Information Security Management Principles) a plus

 Expectations

  • Willing to work additional or irregular hours as needed and allowed by local regulations
  • Work in accordance with corporate and organizational security policies and procedures, understand personal role in safeguarding corporate and client assets, and take appropriate action to prevent and report any compromises of security within scope of position
  • Perform other responsibilities as assigned

Apply online: 

www.cerner.com




_____________________________________________________________________________________________________
Fidelity Security Life Insurance Company

ENTERPRISE RISK MANAGER
Position Summary

The Enterprise Risk Manager will plan and execute a blend of financial, operational, compliance and information technology reviews to support execution of the FSL Risk Framework and Methodology. This role will also participate in the creation and regular monthly enterprise dashboard and operational risk reporting. Additionally, this Manager serves a resource for best practices, standards and efficiencies in the day-to-day interaction with the business and oversees the daily activities of risk analysts

RISK ANALYST
Position Summary

The Operational Risk Analyst will execute a blend of financial, operational, compliance and information technology reviews to support execution of the FSL Risk Framework and Methodology. This role will participate in third party provider risk assessments, process and control reviews, and participate in regular monthly risk reporting. Additionally, this analyst serves a resource for best practices, standards and efficiencies in the day-to-day interaction with the business.

_____________________________________________________________________________________________________
Hallmark
SENIOR IT AUDITOR - The Internal Audit department offers a unique opportunity for team members to provide independent and effective assurance over the risks that threaten the achievement of Company objectives, and promote continuous improvement and partnering for management's success. We work with personnel throughout all of the business units and geographic locations of the Company. There is no better way to get exposure to all the Hallmark businesses than through Internal Audit!

The Internal Audit department functionally reports to the Audit Committee of Hallmark's Board of Directors, and administratively reports to the Chief Financial Officer. We create an annual audit plan and the primary areas of focus are as follows:
Compliance with generally accepted account principles (GAAP).
Compliance with Hallmark policies.
Evaluation of an area's internal controls.
Ways to add value to our clients.

This department is a great fit for someone looking for an opportunity to broaden their understanding of all Hallmark businesses, assist management with developing a strong control environment, and offer value-added solutions. Located in the Hallmark corporate offices, the Sr. Internal Auditor-IT (Information Technology), is responsible for leading, planning, and performing technology-related internal audits, and completing audit projects which evaluate:
1. the reliability, integrity, and security of technical operating information systems and processes
2. compliance with policies, plans, procedures, laws and regulations
3. the safeguarding of assets and the verification of those assets
4. opportunities to improve organizational efficiency and effectiveness

The Sr. Internal Auditor-IT is responsible for participating on audits and ensuring assigned work is completed on time. Responsibilities include audit planning, including scope and objective determination, interviewing, controls testing, preparation of work papers, and performing work that leads to logical conclusions. Additional responsibilities include drafting audit reports and effectively communicating in written and oral formats with a variety of business partners at all levels of the organization. The Sr. Internal Auditor-IT researches, develops, negotiates, and communicates viable technology and/or business process improvement solutions with audit clients. A high degree of autonomy and leadership is expected for this position. The ability to evaluate cyber-security controls, including analysis of related technical components, is required for this position. The Sr. Internal Auditor-IT is responsible for participating in the department’s annual and ongoing risk assessment planning used to establish an annual audit plan, which focuses on key business objectives for all of Hallmark’s businesses. The Sr. Internal Auditor-IT will also provide consulting support to ensure appropriate risks are identified and communicated, and will complete special projects as assigned.

APPLICATION INSTRUCTIONS: You must show how you meet the basic qualifications (listed below) in a resume or document you upload, or by completing the work experience and education application fields. Accepted file types are Microsoft Word (DOC or DOCX), PDF, HTML, or TXT. In compliance with the Immigration Reform and Control Act of 1986, Hallmark Cards, Inc. and its subsidiary companies will hire only individuals lawfully authorized to work in the United States. Hallmark does not generally provide sponsorship for employment. Employment by Hallmark is contingent upon the signing of the Employment Agreement, signing of an agreement to arbitrate in connection with the Hallmark Dispute Resolution Program, completing Form I-9 Employment Eligibility Verification, passing the urinalysis drug screen, education verification and satisfactory reference and background checks.

BASIC QUALIFICATIONS Bachelor's Degree Experience in one of the following areas in a technology environment: information security, data operations, application development, infrastructure management, identity/access management, or, change management. Professional experience with Excel, Word, and Powerpoint NOTE: 10-15% of domestic and international travel could be necessary in this position PREFERRED QUALIFICATIONS 3+ years Information Technology or Information Security experience Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA) certification or Certified Information Systems Security Professional (CISSP) or cybersecurity education 3+ years IT auditing experience Understanding of Control Objectives for Information and Related Technologies (COBIT) and/or cybersecurity compliance practices Technology experience with exposure to IT general controls in the following areas: architecture/management/administration, asset management and software licensing, change management, project management/systems development, data center operations, customer/problem management, recoverability, telecommunications and email, systems management (mainframe, server, desktop), network management, database management, information security management, identity and access management, and physical security. Excellent written and oral communication skills, including interpersonal, presentation, conflict management, facilitation, interviewing, and diplomacy skills. Ability to work independently. Detail-oriented, with the ability to meet deadlines with expected results. Demonstrated desire and aptitude for enhancing knowledge in technology and audit areas. 

To apply visit Hallmark - Internal IT Auditor

_____________________________________________________________________________________________________ 

NIC 
SENIOR INTERNAL AUDITOR  - This position provides an opportunity for a motivated audit professional to make a strong contribution to the growing Internal Audit team. A strong candidate should have experience with information system (such as SSAE 18/SOC and IT General Controls) and financial (SOX) assessments and possess strong leadership skills and a desire to work in a very collaborative environment.
Essential Job Functions:
• Assist the Internal Audit Manager in executing information system, financial, operational and internal control assessments – specifically, SOX and SOC audits
• Assist in satisfying the requests of external auditors, as assigned
• Execute assigned “agile” audits in accordance with established methodology and within budgeted time frames
• 5-10% travel to conduct local business assessments
 
The full job description may be found here
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities 
Candidates may apply on NIC website or Linkedin