Job Description

Day to Day:

 Policy Development: Develop and maintain comprehensive IT security policies, standard operating procedures (SOPs), and guidelines in alignment with industry best practices, regulatory requirements, and organizational objectives.

  SOP Creation: Write and update detailed standard operating procedures (SOPs) for IT security processes, ensuring clarity, effectiveness, and adherence to compliance standards. Translate technical information into user-friendly documentation.

  Procedure Documentation: Document IT security procedures, workflows, and protocols to streamline operations and facilitate consistent execution across the organization. Ensure documentation is accessible and well-organized.

  Framework Review: Evaluate existing IT security frameworks such as the NIST Cybersecurity Framework, ISO 27001, HIPAA and HITRUST, to assess their effectiveness, relevance, and suitability for the organization's needs. Provide technical writing support for framework documentation and customization.

  Framework Customization: Customize and tailor IT security frameworks to fit the specific requirements and risk profile of the organization, ensuring maximum effectiveness and efficiency. Document customization processes and rationale.

  Metric Development: Design, develop, and implement key performance indicators (KPIs) and metrics to measure the effectiveness of IT security controls, processes, and policies. Create documentation explaining metric definitions and calculation methodologies.

  Metric Tracking: Regularly monitor and track IT security metrics and performance indicators, analyzing trends, identifying areas for improvement, and providing actionable management insights. Produce reports summarizing metric trends and analysis.

  Report Generation: Prepare monthly, quarterly, and annual reports on IT security metrics, incidents, compliance status, and risk posture for presentation to senior management, stakeholders, and regulatory bodies. Ensure reports are well-written and visually appealing.

  Training and Awareness: Develop and deliver IT security awareness training programs and materials for employees to enhance their understanding of security policies, procedures, and best practices. Create training materials and user guides.

  Continuous Improvement: Continuously assess and improve IT governance processes, policies, and procedures based on emerging threats, industry trends, and organizational feedback. Document process improvements and best practices.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com .

To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/ .

Skills and Requirements

Must Haves:

 At least 5 years of experience in IT security, Policy, and SOP writing.

 Current security compliance certification such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) or System Security Certified Practitioner (SSCP)

 Experience with creating and maintaining IT audit control processes to assess the suitability and applicability of technical, managerial, and operational security controls against security and regulatory frameworks

 Experience with GRC systems or IRM systems for tracking and monitoring multiple systems and assessments against multiple frameworks

 Previous experience working with the HIPAA Security and Privacy Rules, as well as the HITRUST Common Security Framework (CSF)

 Experience with HIPPA, NIST, ISO 27001, and HITRUST including but not limited to the review and development of security documentation and templates such as Policies, SOPs, and Procedures. Familiarity with documentation tools and software, such as Microsoft Office Suite, Adobe Acrobat, markdown languages, etc., to create and maintain documentation effectively.

 Preferred but not required: Bachelors degree in management information systems, Computer Science.

 General understanding of IT infrastructure, operating systems, database, and application operations Previous experience in the advanced use of information security assessment techniques (e.g., vulnerability scanning, penetration testing, verification of application security, etc.)

 In-depth understanding of information security practices at all layers of the IT infrastructure, to include network, servers, databases, and applications null

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal employment opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment without regard to race, color, ethnicity, religion,sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military oruniformed service member status, or any other status or characteristic protected by applicable laws, regulations, andordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to HR@insightglobal.com.