Full-Time Remote PART-TIME position: approximately 10 hours/week. Must be able to attend occasional on-site meetings.

Description:

Security Analyst to analyze security posture ratings for 61+ Online Driver Training Organizations licensed to operate by the client.

The client will provide access to the Third-Party Risk Management (TPRM) tool, Bitsight, and the assessment communication tool, OneTrust.

This position will function as part-time Cyber Security Consultant with specific responsibilities that include:

1. Review initial security assessment provided by online driver training companies at the time of application.
   a. The client to provide the security assessment questionnaire.
   b. Security Consultant to validate the security assessment is accurately and thoroughly completed.
2. Review updated security assessment provided by online driver training companies for submission of changes of security controls.
3. Document and address concerns or clarifications needed for the security assessment review with the online driver education companies.
   a. Security Consultant to compare responses against the assessment and industry standards.
4. Review online driver training company annual attestations of compliance.
   a. Security Consultant to validate the security assessment is accurately and thoroughly completed.
   b. Security Consultant to communicate any deficiencies in annual attestation to the online driver training company and facilitate the accurate completion of the attestation of compliance.
5. Contact and work with Bitsight to configure monitoring parameters. Use Bitsight functionality to direct the findings and remediation recommendations to the online driver training company.
6. Discuss findings with online driver training company.
   a. Security Consultant will use OneTrust as the Governance Risk and Compliance (GRC) tool to assess and communicate.
   b. Security Consultant does NOT assist the online driver training company in determining a corrective path of action.
7. Upon complaint for investigation, including but not limited to, reviewing updated monitoring results to confirm no falsification or other violation has occurred.
8. Run Bitsight reports and provide the information the business needs for administrative action. Communicate with client Driver Training Program Office on a consistent basis with status updates.
9. Monitor upcoming changes to the controls and communicate with the Driver Training Program Office with the specifics.
10. May need to provide testimony at administrative hearings. Any testimony is based on processes and expertise on security controls, if needed.

Skill - Required / Desired - Amount of Experience

Experience with Cybersecurity frameworks (NIST CSF, ISO 27001), Third-party risk assessment, Vendor Management, Data Privacy - Required - 3 Years
Vulnerability management experience - Required - 3 Years
Utilize Bitsight security ratings to assess driving school security posture - Required - 3 Years
Daily or weekly tracking of vendor security ratings in Bitsight to detect drops in security performance - Required - 3 Years
Generate automated reports and dashboards for business highlighting provider risk exposure and their security control effectiveness - Required - 3 Years
Manage remediation plans within the GRC OneTrust to closure - Required - 3 Years

Notes:

This is a fully remote position, and other employment is permitted (candidate must be able to dedicate approximately 10 hours per week analyzing and communicating results).

This work can be done at any time, including nights and weekends.

VIVA is an equal opportunity employer. All qualified applicants have an equal opportunity for placement, and all employees have an equal opportunity to develop on the job. This means that VIVA will not discriminate against any employee or qualified applicant on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.