AuditRisk Consultant

Position: Audit/Risk Consultant

Location: Tallahassee FL

Duration: Through 6/30/2025 may extend

Rate: Open

Interview: Video

Hybrid/Onsite/Remote: Onsite

Required skills:

Bachelors degree in computer science Information Systems

Business Administration or other related field and/or equivalent work experience

710 years of IT Audit experience

3 years of IT Risk Management lifecycle experience

3 years of handson technical experience (e.g. developer system administrator)

Experience working with NIST 80030 Risk Assessment Standard

Extensive experience with IT General Controls evaluation and design

Advanced skill level in business process mapping and documentation as well as policy and procedure development

Recent experience in Information Security with uptodate knowledge of the current threat landscape

Solid understanding of PCI DSS standards

Job Description

We are looking for a Program Analyst to responsible for the development and implementation of the IT security risk and audit strategy that perform information systems and business process risk assessments and evaluate the effectiveness of technical physical and administrative controls to identify control weakness. This position will be fulltime contract and onsite.

What Youll Do

• Perform PCI SOC2 ISO and applicable cybersecurity controlsrelated reviews to ensure that current new and technology infrastructure complies with these standards and Departments security policies
• Plan and perform IT security controls effectiveness
• Manage remediation efforts for the
• Identified gaps including assessment of new or enhanced implemented controls
• Maintain IT security risk and compliance matrix and performs management reporting including IT systems controls and business process risks to meet compliance requirements
• Provide risk mitigation strategies
• Maintain Third Party Risk Management Program (TPRM) and analyze SOC2 and other reporting including mapping to key IT security and compliance controls such as NIST PCI and COBIT
• Manage IT security vulnerabilities management program aligned with PCI and NIST standards
• Identifying and ranking the value sensitivity and criticality of the operations and assets that could be affected should a threat materialize to determine which operations and assets are the most important
• For the most critical and sensitive assets and operations estimating the potential losses or damage that could occur if a threat materializes including recovery costs
• Identifying costeffective actions to mitigate and reduce risk including implementing new organizational policies and procedures as well as the design of technical or physical controls
• Coordinating tracking and verifying remediation of audit findings
• Documenting the results and developing a plan of action and milestones for mitigating any identified risk
• Produce formal audit reports based on ISACA Audit Standards
• Promotes compliance with regulatory requirements (e.g. PCI DSS) and IT best practices

What Youll Need

Required:

• Bachelors degree in computer science Information Systems Business Administration or other related field and/or equivalent work experience
• 710 years of IT Audit experience
• 3 years of IT Risk Management lifecycle experience
• 3 years of handson technical experience (e.g. developer system administrator)
• Experience working with NIST 80030 Risk Assessment Standard
• Extensive experience with IT General Controls evaluation and design
• Advanced skill level in business process mapping and documentation as well as policy and procedure development
• Recent experience in Information Security with uptodate knowledge of th current threat landscape
• Solid understanding of PCI DSS standards

Preferred:

• CISA and CISSP certifications

Physical Demands

• Ability to safely and successfully perform the essential job functions consistent with the ADA and other federal state and local standards
• Sedentary work that involves sitting or remaining stationary most of the time with occasional need to move around the office to attend meetings etc.
• Ability to conduct repetitive tasks on a computer utilizing a mouse keyboard and monitor

audit,Risk,security