Compliance Management Officer

Req ID:261638

NTT DATA Services strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now.

We are currently seeking a Compliance Management Officer to join our team in Mc Lean, Virginia (US-VA), United States (US).

Description:

We are currently seeking a Mid-level InfoSec Compliance Management consultant with experience in identifying, analyzing and mitigating Security Risks to join our Information Security Team in Washington, DC, USA.

Positions General Duties:

• Provide an IV&V compliance function such that more finely focused assessments can be executed, truly enabling continuous control monitoring, and reducing reliance on ITSO's multi-year assessment schedule.
• Provide feedback and continue to update and review policies periodically, taking in feedback from the offices.
• Extend compliance efforts in enforcement of Vendor Risk Management (VRM), identifying potential security issues with vendors and their products early in the procurement lifecycle.
• Leverage Integrated Risk Management (IRM) capabilities to better align security risk to business risk, connect policies with controls, and streamline compliance to more clearly ascertain and enable monitoring of risk posture.
• Work with the Office of Compliance and Risk (OCR) to provide risk information to Enterprise Risk Management program.
• Facilitate improvements by developing documentation templates and coordinating efforts throughout the Offices for DR Plan documentation.
• Perform Testing, from tabletop exercises through to full-blown DR testing.
• Modify and review COO Info Sec IT Security Policies
• Create COO Info Sec IT Security Procedures, as needed.
• Perform IV&V assessments in support of the COO Offices, as needed.
• Create security interview questions and work with system SMEs to obtain responses to interview questions.
• Draft Control Implementation Statements (CIS).
• Inherit (leverage) controls from other systems/offer inheritance of controls to other systems using the current (system of record) compliance/assessment tool.
• Obtain system artifacts from system SMEs and post artifacts to the current (system of record) compliance/assessment tool.
• Perform updates of system control information to CSAM
• Modify POA&M metrics report to support changes that stem from CSAM, as needed.
• Generate the POA&M metrics report monthly.
• Support the ISO team on assessments of new systems, as needed.

Required Qualifications:

• 5 years of experience in IT security compliance (i.e auditing, Independent Verification and Validation (IV&V)/Third Party Assessment Organizations (3PAOs) experience, preferably for the federal government)
• 3 years developing System Security Plans (SSPs)
• 3 years of Cloud security experience
• 3 years of experience using the CSAM tool (software from the DOJ)
• Bachelor's Degree preferred but not required.

Preferred Qualifications

• Master's degree in computer science or a related field
• One or more of CISSP, CISM, CISA, Security+ or equivalent certifications
• Strong working knowledge of network topologies and protocols (such as TCP, UDP, TLS, SFTP, SMTP, NTP, NetBIOS and DHCP).

Where required by law, NTT DATA provides a reasonable range of compensation for specific roles. The starting pay range for this remote role is 100k to 150k. This range reflects the minimum and maximum target compensation for the position across all US locations. Actual compensation will depend on a number of factors, including the candidate's actual work location, relevant experience, technical skills, and other qualifications. This position may also be eligible for incentive compensation based on individual and/or company performance.

This position is eligible for company benefits including medical, dental, and vision insurance with an employer contribution, flexible spending or health savings account, life and AD&D insurance, short and long term disability coverage, paid time off, employee assistance, participation in a 401k program with company match, and additional voluntary or legally-required benefits.

#INDPUBLIC

About NTT DATA Services

NTT DATA Services is a recognized leader in IT and business services, including cloud, data and applications, headquartered in Texas. As part of NTT DATA, a $30 billion trusted global innovator with a combined global reach of over 80 countries, we help clients transform through business and technology consulting, industry and digital solutions, applications development and management, managed edge-to-cloud infrastructure services, BPO, systems integration and global data centers. We are committed to our clients' long-term success. Visit nttdata.com or LinkedIn to learn more.

NTT DATA Services is an equal opportunity employer and considers all applicants without regarding to race, color, religion, citizenship, national origin, ancestry, age, sex, sexual orientation, gender identity, genetic information, physical or mental disability, veteran or marital status, or any other characteristic protected by law. We are committed to creating a diverse and inclusive environment for all employees. If you need assistance or an accommodation due to a disability, please inform your recruiter so that we may connect you with the appropriate team.