
IT-Subject Matter Expert-Contractor

  • Location

    Atlanta, United States

  • Sector:

    Technical

  • Job type:

    Contract

  • Contact:

    Leric Arcigal

  • Job ref:

    20433

  • Published:

    over 1 year ago

  • Expiry date:

    2020-07-18

HM - Thanh-Thien Nguyen

  * Remote up to 50%
  * Up to 10% travel required
  * Preferred: CISA, CISM, QSA, ISA, HITRUST CSF or comparable certification.

The Vendor Risk Management (VRM) function provides subject matter expertise, guidance, and assessment services to identify and manage risks associated with third-party service providers at Kaiser Permanente. This function ensures that these third-party service providers have controls that are adequately designed, implemented or remediated to meet KP control requirements and SOX, HIPAA, PCI, and internal policy compliance expectations.

The VRM Compliance Consultant is an individual contributor on the VRM team. This role will support implementation of VRM processes and provide consultancy expertise in support of a comprehensive and integrated program that manages vendor risks and monitors the adequacy of vendor controls to sustain compliance of KP vendors. As an augmented professional resource to the VRM team, the Consultant will partner with business and other technology constituencies to address vendor-related risks throughout the vendor lifecycle. This role also collects, analyzes, and reports performance metrics using company software and reporting tools and manages large-scale VRM engagements from planning to completion.

Essential Responsibilities

  * In support of the VRM process, serves as a lead through a series of strategic and tactical activities to deliver on expected VRM results.
  * Performs duties covering the full span of the vendor lifecycle, including but not limited to: data gathering to establish a centralized Vendor Inventory across the KP enterprise, determining and categorizing vendor service types, conducting vendor service risk profiles for risk rating, assessing vendors' control environments for compliance with privacy and security requirements, reporting assessment results and ensuring risk remediation/acceptance, and ongoing monitoring of vendors providing high-risk services to manage potential exposure of KP data and security breaches.
  * Provides consultancy services to business and project teams evaluating new vendor services and/or introducing new technologies to KP environments.
  * Collaborates with team members to continuously improve VRM tools and processes to meet department objectives, applying creative solutions to address issues with people, processes, and technologies.
  * Supports development, implementation, and maintenance of vendor risk and compliance documentation and procedures.
  * Plans and manages assigned program work streams to their conclusion, providing regular status updates, communicating with key stakeholders and partners, identifying issues and managing them to resolution, and ensuring quality deliverables.
  * Collects, analyzes, and reports performance metrics using company software and reporting tools.
  * Demonstrates ability to develop executive reports and deliver presentations to executives and leaders.
  * Demonstrates knowledge and experience with auditing techniques and remediation strategies, with the ability to clearly document assessment results and the conclusions drawn.
  * Exhibits ethical behaviors in self and encourages others in accordance with the Principles of Responsibility; adheres to organizational policies and guidelines; supports compliance initiatives; maintains confidences; admits mistakes; conducts business with honesty; shows consistency in words and actions; follows through on commitments.

JOB QUALIFICATIONS

Minimum Qualifications (the minimum required: years of job experience, education or degree, license, certification, registration, designation, as well as all knowledge, skills, and abilities required for this position):

  * Minimum four (4) years in an informal leadership role working with business or technical teams.
  * Minimum eight (8) years of work experience in IT risk management, compliance, or information security. Additional equivalent work experience may be substituted for the degree requirement.
  * Bachelor's Degree in MIS, Information Security, Accounting, Finance, or related field.

Preferred Qualifications (for each role, a defined number of the following preferred qualifications may apply: years of job experience, education or degree, license, certification, registration or designation, knowledge, skills and abilities):

  * Eight (8) years of work experience in a role that required:
    o interacting with executive leadership (e.g., Vice President level and above)
    o writing IT Risk Management (ITRM) documentation and assessment reports
    o implementing IT compliance frameworks or ITRM methodologies
    o managing audit and/or compliance projects
    o working in a large matrixed organization
    o experience in the development and delivery of ITRM metrics and reporting
  * Master's Degree in MIS, Information Security, Accounting, Finance, or related field.
  * CISSP, CISA, CISM, QSA, ISA or comparable certification.

Top Daily Responsibilities:

  1. In support of the Vendor Risk Management (VRM) process, serves as a lead through a series of strategic and tactical activities to deliver on expected VRM results.
  2. Performs duties covering the full span of the vendor lifecycle, including but not limited to: data gathering to establish a centralized Vendor Inventory across the KP enterprise, determining and categorizing vendor service types, conducting vendor service risk profiles for risk rating, assessing vendors' control environments for compliance with privacy and security requirements, reporting assessment results and ensuring risk remediation/acceptance, and ongoing monitoring of vendors providing high-risk services to manage potential exposure of KP data and security breaches.
  3. Provides consultancy services to business and project teams evaluating new vendor services and/or introducing new technologies to KP environments.
  4. Collaborates with team members to continuously improve VRM tools and processes to meet department objectives, applying creative solutions to address issues with people, processes, and technologies.
  5. Supports development, implementation, and maintenance of vendor risk and compliance documentation and procedures.
  6. Plans and manages assigned program work streams to their conclusion, providing regular status updates, communicating with key stakeholders and partners, identifying issues and managing them to resolution, and ensuring quality deliverables.
  7. Collects, analyzes, and reports performance metrics using company software and reporting tools.

Skills a Top Candidate Should Have:

  1. Vendor management lifecycle and risk management knowledge and experience
  2. IT audit background: security and compliance controls assessment
  3. Experience with IT audit frameworks (e.g., ISO 27001/2, NIST, COSO, etc.)
  4. Experience in working with and presenting to management/leadership
  5. BA/BS Degree

Desired Skills:

  1. Demonstrates project management and time management skills
  2. Demonstrates ability to develop executive reports and deliver presentations to executives and leaders.
  3. Demonstrates knowledge and experience with auditing techniques and remediation strategies, with the ability to clearly document assessment results and the conclusions drawn.

Soft Skills:

  1. Exhibits ethical behaviors in self and encourages others in accordance with the KP Principles of Responsibility; adheres to organizational policies and guidelines; supports compliance initiatives; maintains confidences; admits mistakes; conducts business with honesty; shows consistency in words and actions; follows through on commitments.
  2. Self-motivated, team player, problem solver