Feb 19, 2020

Security Assessment and Privacy Lead

  • ERPi
  • Washington, DC, USA
Full-Time Business Consultant Management QA-Quality Control Strategy - Planning

Job Description

Overview

ERPi is a small business dedicated to values of trust and integrity. Our mission is to deliver professional services as a trusted agent and expert enterprise program management services for Federal clients. At ERPi, we look for individuals who want to be a part of a team and work collaboratively to offer creative solutions. Here you can work on a wide range of projects, gain experience and skill sets, and share your ideas in an environment where employees are encouraged to grow, given more autonomy, and empowered to enact change.
ERPi has been awarded a contract with the U.S. Securities and Exchange Commission (SEC) to provide the SEC Office of the Chief Information Officer (CIO) support in the development and implementation of Assessment and Documentation services for information privacy assurance. We are looking for a Privacy Assessment Lead (Information Systems (IS)) Auditor to support our team in the creation of Privacy Controls Assessments (PCA) and Privacy Assessment Reports (PAR) for new and modified systems and projects against the SEC’s identified set of privacy controls. The PCA should minimally include: System-Specific and Hybrid Privacy Control Testing; adherence to the SEC’s security and privacy program, policies and guidance; documentation review; personnel interviews; and observations. This work includes an assessment of risk levels, privacy information management, and remediation options to remove privacy risks.

  • Lead engagements with SEC system and business owners;
  • Plan, conduct, and oversee assessments of privacy controls;
  • Develop privacy control assessment plans;
  • Develop Privacy Assessment Reports (PAR) for said systems;
  • Maintain documentation for each assessed system.

Responsibilities

  • A Bachelor's and 10+ years of relevant experience, or a Master's and 8+ years of relevant experience, primarily within control assessment and reporting in the Federal environment
  • CISSP or CISA
  • Assessment management experience with information systems, and security and privacy controls
  • Strong oral and written communication skills (briefings, presentations, and training sessions)

Desired Skills and Experience:

  • Certification(s) in Privacy (such as CIPP/US or CIPP/G);
  • Experience supporting customers at the SEC is a plus;
  • Experience leading assessment teams;
  • Knowledge of the NIST Risk Management Framework (RMF);
  • Certified in Governance of Enterprise IT (CGEIT)

States

DC, VA

Security Clearance

Public Trust
