Remote Information Security Risk and Compliance Senior Specialist

Employer Active

The job posting is outdated and position may be filled

Job Location

Dallas - USA

Monthly Salary

Not Disclosed

Job Description

JOB DESCRIPTION:

  • The purpose of this Information Security Risk Senior Specialist role is to support the Mercer Information Security Risk and Compliance function, with a focus on Federal and State Government Public Sector clients.
  • Candidate will assist in the Information Security Risk Management process by reviewing, documenting, organizing, monitoring, tracking, and reporting on information security risks to address compliance and regulatory requirements while aligning with and supporting Mercer's risk posture.
  • This role reports to the Information Security Risk and Compliance Leader.

RESPONSIBILITIES:

  • Provide relevant technical and information security expertise and assistance with the completion of client requests for proposals (RFPs), questions, questionnaires, contract reviews, and audits.
  • Provide insight and advice to key stakeholders to effectively manage information and cyber security risks across Mercer's technology platforms.
  • Support Federal and State Government information and cyber security client engagement work.
  • Work with Legal Staff to review information security-related documents and contracts to determine information security risks, communicate potential issues, propose mitigation options, and shepherd contracts to completion.
  • Assist with information security-related compliance activities for CCPA, NYDFS, PCI-DSS and other regulatory and standard requirements.
  • Serve as the information security liaison in support of Mercer Federal and State Government business teams and Mercer IT to review and provide security recommendations during development, design, and implementation of applications in compliance with NIST controls.
  • Map company security policies and procedures to industry standards and regulatory requirements.
  • Assist with data collection and creation of a System Security Plan.
  • Participate in global level engagements on regulatory compliance hosted by Federal, State, and private entities.
  • Assist with creating proposed solutions for sophisticated security and compliance issues.

QUALIFICATIONS:

  • A Bachelor's degree or equivalent work experience in information security, accountancy, audit, information systems, or other related field of study.
  • Two or more years of work experience in IT audit, IT security, or IT risk management work.
  • Basic understanding of risk concepts, including risk identification, evaluation, mitigation, and measurement.
  • Familiarity with GDPR, PCI-DSS, HIPAA/HITECH, NIST, NYDFS, and other relevant information and cyber security and data protection regulations and standards.
  • Strong communication, organizational, interpersonal, and collaborative skills.
  • Proficient knowledge of Microsoft Office products including Excel, Word, and PowerPoint.
  • Capable of handling a variety of ad-hoc requirements.
  • Strong problem-solving skills with the ability to develop technical solutions to address security risks posed by Federal and State client work.
  • Experience in a service-oriented organization serving many stakeholders.
  • Detail-oriented and excels in a fast-paced dynamic environment.
  • Working knowledge of Federal and State compliance standards, regulations, and laws (e.g., IRS Pub 1075, CMS MARS-E 2.2, CJIS, Social Security Administration, FCC, NACHA).
  • Subject matter expert for regulatory compliance requirements necessary to safeguard data that supports the essential functions of Federal and State Government.

ADDITIONAL QUALIFICATIONS:

  • Experience with Federal and State Government contracts, PCI-DSS and ISO27001 assessments a plus
  • Security Certifications such as CISSP, CISA, CISM, CRISC, PCI-DSS ISA or QSA
  • Experience working with Federal and State government entities as part of a large IT enterprise
  • Strong interpersonal and communication skills
  • Strong analytical skills and experience working in a complex environment
  • Proven experience as a strong cross-group collaborator and team player

ABOUT: Mercer believes in building brighter futures by redefining the world of work, reshaping retirement and investment outcomes, and unlocking real health and well-being. Mercer's more than 25,000 employees are based in 44 countries and the firm operates in over 130 countries. Mercer is a business of Our client (NYSE: MMC), the world's leading professional services firm in the areas of risk, strategy, and people, with 76,000 colleagues and annual revenue of $17 billion. Through its market-leading businesses including Our client, Guy Carpenter and Oliver Wyman, Our client helps clients navigate an increasingly dynamic and complex environment.

Skills: Information Security Risk, Federal and State Government, Government Work, CCPA, NYDFS, PCI-DSS, System Security Plan, IT audit, IT security, IT Risk Management, GDPR, HIPAA/HITECH, NIST, IRS Pub 1075, CMS MARS-E 2.2, CJIS, CISSP, CISA, CISM, CRISC

Employment Type

Full Time

Company Industry

Accounting & Auditing
