Implement security controls, risk assessment framework, and program that aligns to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances department objectives
Develop cybersecurity policies and related documentation.
Evaluate risks and develops security standards, procedures, and controls to manage risks. Improves SAICO security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
Implements processes, such asGRC(governance, risk, and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing.
Develop reporting metrics, dashboards, and evidence artifacts.
Define and document business process responsibilities and ownership of the controls inGRCtool. Schedules regular assessments and testing of effectiveness and efficiency of controls and createsGRCreports.
Updates security controls and supports all stakeholders on security controls covering internal assessments, regulations, and protecting Personally-Identifying Information (PII) data.
Performs and investigates internal and external information security risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks.
Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
Review, conduct or participate in audits of cyber programs and projects
Periodically review cybersecurity policies and related documents to comply with applicable legislation and regulation.
Analyze the organizations cybersecurity defense policies and configurations to evaluate compliance with regulations and organizational directives.
Provide an accurate technical evaluation of software applications, systems, or networks and document their compliance with agreed cybersecurity requirements.
Remain current on best practices and technological advancements, applicable privacy laws, regulations, and accreditation standards
