Security Risk And Compliance Consultant Jobs

Management of regulatory, internal or external audits, or experience as an auditor

Management or participation in Cybersecurity, Information Security, Risk, Compliance and/or Data Privacy Programs or Projects

Audit, risk or regulatory remediation management,

Change management related to regulatory adoption or compliance changes

Control design or maturation for high-demand technical areas such as ERP, Identity and Access Management, Business Continuity and Resiliency, Cloud

Experience across our service offerings

3+ years of experience working with the RMF Assessment Methodology, and extensive knowledge of the DoD Security A&A process

Experience as Facility Security Officer with DoD security requirements (FOCI mitigation, CFIUS, CUI)

Analyze cyber vulnerabilities, assessing system compliance against security controls, and developing risk mitigation plans and strategies

Current DoD approved 8570 baseline certification

Knowledge of DoD networks and architectures

Understanding of government classified and unclassified cloud capabilities (e.g. AWS GovCloud) and can articulate its security structure

Bachelor's degree in Risk Management, Finance, Business Administration, or related field; Master's degree preferred

Develop, implement, and manage an all-encompassing insurance program that aligns with the company's risk appetite and regulatory requirements

Analyze financial statements, credit reports, and market data to make informed risk assessments and provide recommendations to senior management

Professional certifications such as Certified Risk Manager (CRM), Certified Compliance & Ethics Professional (CCEP), or equivalent, are highly desirable

Proficiency in risk management software, data analysis tools, and Microsoft Office Suite

Collaborate with internal stakeholders to identify potential risks and liabilities and recommend appropriate insurance coverage

Work directly with engineering, operations and change management teams to implement solutions designs.

Work with management and the strategy team to define long term solution & environment roadmaps

Develop solutions that meet business and technical requirements for associated platforms.

Work with Security & Compliance teams to ensure products and associated applications meet requirements

Work to reduce tech debt; routinely look for and offer up rationalization proposals

Experience with TruPhone & Calero

Assist in the management of customer relationships to collaborate on the assessment of system audit compliance-related risk.

Conduct security assessments and ensure system compliance with contingency planning requirements.

Experience with Microsoft Office, including Word, Visio, Excel, PowerPoint, and Teams.

Previous experience supporting a federal or state government agency preferred, especially the Veterans Affairs.

Knowledge of the Internet of Things and/or medical device Cybersecurity.

Knowledge of the VHA Handbook 1200, the VA Handbooks and Directives, data security, governance, and/or HIPAA.

At least 3 to 5 years of IT Audit, SOX, or IT Security risk assessment experience

Solid knowledge of risk and security frameworks like NIST, ISO, and COSO

Experience working in a governance environment leveraging a risk and controls mindset.

1-3 years’ experience across IT domains such as application development, infrastructure, technical support and operations, or continuity of business

Key industry certifications such as CISA, CISM, CISSP, etc.

Experience across IT domains such as application development, infrastructure, technical support and operations, or continuity of business.

Work directly with engineering, operations and change management teams to implement solutions designs.

Work with management and the strategy team to define long term solution & environment roadmaps

Develop solutions that meet business and technical requirements for associated platforms.

Work with Security & Compliance teams to ensure products and associated applications meet requirements

Work to reduce tech debt; routinely look for and offer up rationalization proposals

Deep skill set related to Haivision, Appspace

Stay up-to-date with the latest AWS security services, features, and best practices, and share this knowledge with the team and clients.

Extensive experience working with AWS Cloud security services, including AWS Config, AWS CloudTrail, AWS Security Hub, and AWS GuardDuty.

Familiarity with security-related AWS services, such as AWS KMS, AWS WAF, AWS Secrets Manager, and AWS S3 encryption.

Relevant certifications such as AWS Certified Security – Specialty, CISSP, CISM, or CISA are highly desirable.

Experience in conducting risk assessments, vulnerability assessments, and security audits in cloud environments.

Strong analytical and problem-solving skills, with the ability to identify risks and develop effective mitigation strategies.

Communications skills – taking notes, gathering information, creating communications for presentation, public speaking, and polished.

Control and compliance experience – able to define control and risk - *required*.

Working knowledge of SQL and Tableau reporting.

Resource will be supporting Controls and Governance team within CEDA to support policy adherence.

Will be leading monthly data council meetings with 80-100 people to show observations around data to broader audience.

Work independently to gather info from customer complaint partners.

6+ years of program / project management experience in a tech/security environment.

Focused on great stakeholder management and client experience.

Familiarity with contemporary project, RFP, risk and issue management tools (such as Loopio, UpGuard and Hyperproof).

Work experience with SaaS product offerings.

Experience with metrics-driven reporting including dashboards and status report generation.

Past experience leading at least one compliance program such as SOC2, FedRAMP, NIST, HITECH or similar.

3 years complex program management experience.

Knowledge of sexual and reproductive health, as well as OSHA, CLIA, HIPAA and related guidelines and requirements a plus.

Demonstrated ability to use the computer including word processing, spreadsheets, data management and email software.

A minimum of 4 years of related work experience will be considered in lieu of a degree.

Detail oriented with demonstrated strong communication and organizational skills.

Demonstrated leadership, communication, and training skills in professional activities.

WTW provides a competitive benefit package which includes the following (eligibility requirements apply):

Contribute to develop a revenue generating consulting team

Help to prepare and present output data from the models to support actuarial analyses and wider Risk & Analytics consulting projects

Able to communicate scientific, statistical, mathematical, and financial concepts to non- technical audiences

Consistent record to understand regulatory concepts and convert them into relevant, practical, local business requirements.

Excellent advisory, communication and influencing skills.

The successful candidate will be a proven leader in area of compliance, with the following qualifications:

Understanding and application of FCPA, OFAC/Sanctions regulations, Privacy based principles, UDAAP and TCPA.

Ability to work effectively in a matrix structure that spans multiple functions, markets and legal entities.

Ability to get results, solutions oriented, through a strong sense of controls in changing and ambiguous situations.

Manage disaster recovery and business continuity plans and drills

8+ years of progressively responsible work experience in Security governance, risk, and compliance, security assurance, or third-party risk and customer trust

3+ years of experience in designing and developing automation

Experience developing and managing security policies and standards

Experience conducting vendor security reviews

Experience managing disaster recovery and business continuity programs

Be a self-starter and continuously define opportunities for improving risk management skills and leveraging internal and external knowledge-enhancing training.

Program manage these risk reviews and create progress monitoring and status reporting processes.

Demonstrated experience working in a rapidly changing and complex environment.

Remote Eligible In: Illinois, Indiana, Missouri, Florida, Georgia, Texas and Ohio

Support the company’s risk and compliance program and risk review processes to mature the FLOD program within Firstech environment.

Conduct regular reviews of policies and procedures. Recommend changes as appropriate and establish written procedures for company activities.

Bachelor's Degree in Business Studies, Accounting, Economics, or Management

Reviews and assesses risk management policies and protocols; makes recommendations and implements modifications and improvements.

Recommends and implements risk management solutions such as insurance, safety and security policies, business continuity plans, or recovery measures.

Prepare reports for senior management and external regulatory bodies as appropriate

3 - 5 Years of Experience

Conducts risk assessments, collecting and analyzing documentation, statistics, reports, and market trends.

Organizational and time management skills

Bachelor’s degree in finance, Accounting or Business-related discipline, or relevant amount of experience

Experience in applying legal and regulatory requirements to current business practices to identify potential gaps.

8-10 years of experience in the financial services industry

5+ years’ experience managing staff, contractors, and/or temporary employees.

Experience with the design or implementation of cross departmental processes as well as managing multiple projects simultaneously.

Experience working hands-on with cross-functional teams including legal, cybersecurity, data management, and IT.

Assists in preparing and conducting presentations to TIAA management teams regarding the organization's privacy risk and compliance programs.

Organizational skills to manage multiple project and task assignments, concurrently.

5+ years of relevant work experience in privacy, preferably in legal, risk or compliance.

7+ years of relevant work experience in privacy, preferably in legal, risk or compliance.

Bachelor’s degree or equivalent experience in risk or compliance.

Regulatory compliance consulting service engagements focused on initial and ongoing management of Information technology (IT) and information security.

Vendor Management/third-party risk assessment management.

Experience working within a Managed Service Provider (MSP) environment.

Ongoing education on FFIEC, FDIC, OCC, FRB, NCUA, SEC, SOX, GLBA and other regulatory agency guidance.

Obtain and maintain current industry-related compliance certifications and memberships.

May perform other job duties as assigned.