York is hiring! We are currently seeking a GRC/Vendor Risk Management Analyst who meets the requirements below for a contract opportunity with a client in the pharmaceutical industry.
- On Site in Saint Paul, MN - must be local to MN
- Rate: up to $49/hr
Position/Project Overview:
The GRC/Vendor Risk Management Analyst supports cybersecurity operations by designing, developing or recommending secure technical solutions, including policy, standards, applications, systems, architectures, and infrastructure that are operationally viable and efficient. Ensure appropriate application of security products and technologies to protect the organization's systems and information and enable achievement of the organization's objectives. Manage and design innovative integration of cybersecurity toolsets to enable more automated discovery, remediation, and alerting of network and device vulnerabilities, as a means of improving the security posture. Perform analysis of emerging technologies and design and build architectures and solutions to enable secure implementation of new technologies.
Team: Cyber team of about 11
Responsibilities:
- Develop a risk-based cyber security program which meets regulatory requirements and aligns with industry leading information security practices.
- Perform threat identification and mitigation activities using industry leading security controls and tool sets.
- Advance the Company's cyber threat and vulnerability management program to ensure consistent identification, analysis, response, and monitoring of cyber security threats, events, and vulnerabilities.
- Assess threats to the business and deploy countermeasures for those threats.
- Collaborate with business units, application development teams, and third-party vendors to achieve program requirements while enabling the business.
- Apply technical knowledge to protect the Company against cyber threats (e.g., knowledge of firewalls, intrusion detection and prevention systems, data loss prevention solutions, endpoint protections, log aggregation technology and other leading-edge security technologies).
- Facilitate cross team coordination to achieve defined security goals as well as meet technical requirements in support of detailed implementation plans for security projects.
- Manage security projects to ensure the timely, on budget, and effective implementation of cyber security improvements that are operationally supported with validation methods in place to measure effectiveness.
- Perform assessment of cyber security incidents to identify the root cause, respond, and recover the environment.
- Develop strategies, policy and standards to protect company information and technology assets.
- Manage capital and operational expense budgets to ensure accurate forecasting and administration.
Required Experiences:
- At least 3 years of experience but typically 7-10 years is ideal
- Possess expertise in valuing and implementing industry standards such as the ISO 27001/2, SOC 2, HITRUST and FedRAMP Information Security standard and the ISO 22301 Business Continuity Standard.
- Experience with implementation and operational use of GRC tool sets (Governance Risk and Compliance).
- Possess CISSP certification (or similar) and be knowledgeable about national and international regulatory compliances and frameworks such as ISO, SOX, BASEL II, EU DPD, HIPAA, and PCI DSS.
Education:
Bachelor's Degree in Business, Computer Science or related field (nice to have)
Why York?
For more than 20 years, York Solutions has been singularly focused on delivering value to its clients in the form of IT contract resource selection, deployment, and management.
Our mission is to provide creative, cutting-edge IT solutions to help companies achieve business, technology, and operational goals and objectives. We believe strongly in creating a true partnership approach with our clients and consultants that fosters a long-term, trust-based relationship.
York is committed to providing high-level service and value to our clients and consultants. In that vein, York Solutions has developed a peer-to-peer professional development association called “Think IT” that, we are often told by members, is “second to none.” This association consists of well over 2,400 members in 7 different groups from the local IT leadership and technical community within the Twin Cities, as well as over 650 members in Chicago.
In addition to monthly group meetings encompassing all aspects of IT technical and leadership principles, members of Think IT Association are able to participate in a comprehensive mentorship program for all IT resources, from the highly technical to the most senior leadership talent. This program is designed to assist all levels of IT professionals in achieving their career goals.
York is committed to putting our clients and consultants first at all times. It is for that reason and that reason alone that we are considered as trusted advisors to both parties!