IS Business Risk

*Candidates must live in the surrounding Columbus, OH area or they will not be considered. No corp-to-corp*

IS Business Risk and Controls Analyst
Newark, OH. Hybrid model, 3 days in (Mon-Wed), 2 days out (Thurs, Fri)
6-month contract with the possibility of extension or conversion
Pay rate: $35-$40/hr

What is the purpose of this position? What are we trying to accomplish with this role?

This position is responsible for supporting the IT risk management and issue tracking processes, including providing guidance, developing risk assessments, monitoring issues, and reporting. This person needs to be able to create rapport with IS leadership, interview and deduce the next steps, and then create assessments and policies from scratch. Must have a level of expertise to question everything.

Department

Team of two, as we have a current FTE in this role that we are looking to help with the workload. Lots of heavy lifting as initial docs are established.  

Day to Day

Understand what Risk and Controls are and be able to know how to build a risk assessment. Also, understand the theory behind the risk assessments and testing controls.

Need to be able to advise the rest of IT and be the driver to build their risk assessment and bring them up to speed. Translate from IT speak into non-IT terms and be able to understand, decipher and ask question of what IT leadership is doing.

Need to have enough knowledge of IT to be able to ask the right questions at a granular level. Can ask questions so they don’t feel like they are being quizzed or audited.

Issues management, when there is an exception, guides business partners through the root cause. Confident enough to question those choices.

Expertise in High, Med, and Low risk and coming up with remediation plans. Explain what the key things are they need to do to get issues resolved and not repeat.

Will feel like ground hog day for a while but with a different group each time.

Role

• Tech Stack
  • Governance, Risk, and Compliance (GRC)
  • Policy Compliance Strategies
  • ServiceNow GRC
  • Audit Management Implementation
  • Security Assessment
  • Risk Assessment
  • Compliance Management
  • Internal Controls
  • Data Analysis
  • IT Governance
  • Quality Assurance
  • Regulatory Standards (SOX, GDPR, ISO 27001)
  • MS Office Suite
  • COBIT, COSO, ITIL Framework,
  • Cybersecurity Policies
• Soft Skills
  • Needs to think and explain in terms that almost dumb down why IS should think about certain risk and control measures
• Non-negotiables
  • Doesn’t want a doer, can’t create reports, has to be able to hit the ground running
  • Wants to have someone who worked in banking

EDUCATION - CERTIFICATIONS - WORK EXPERIENCE

• Certified Information Systems Auditor (CISA)
• CISSP
• IT Auditor foundation is good.

*Candidates must live in the surrounding Columbus, OH area or they will not be considered. No corp-to-corp*

IS Business Risk and Controls Analyst
Newark, OH. Hybrid model, 3 days in (Mon-Wed), 2 days out (Thurs, Fri)
6-month contract with the possibility of extension or conversion
Pay rate: $35-$40/hr

What is the purpose of this position? What are we trying to accomplish with this role?

This position is responsible for supporting the IT risk management and issue tracking processes, including providing guidance, developing risk assessments, monitoring issues, and reporting. This person needs to be able to create rapport with IS leadership, interview and deduce the next steps, and then create assessments and policies from scratch. Must have a level of expertise to question everything.

Department

Team of two, as we have a current FTE in this role that we are looking to help with the workload. Lots of heavy lifting as initial docs are established.  

Day to Day

Understand what Risk and Controls are and be able to know how to build a risk assessment. Also, understand the theory behind the risk assessments and testing controls.

Need to be able to advise the rest of IT and be the driver to build their risk assessment and bring them up to speed. Translate from IT speak into non-IT terms and be able to understand, decipher and ask question of what IT leadership is doing.

Need to have enough knowledge of IT to be able to ask the right questions at a granular level. Can ask questions so they don’t feel like they are being quizzed or audited.

Issues management, when there is an exception, guides business partners through the root cause. Confident enough to question those choices.

Expertise in High, Med, and Low risk and coming up with remediation plans. Explain what the key things are they need to do to get issues resolved and not repeat.

Will feel like ground hog day for a while but with a different group each time.

Role

• Tech Stack
  • Governance, Risk, and Compliance (GRC)
  • Policy Compliance Strategies
  • ServiceNow GRC
  • Audit Management Implementation
  • Security Assessment
  • Risk Assessment
  • Compliance Management
  • Internal Controls
  • Data Analysis
  • IT Governance
  • Quality Assurance
  • Regulatory Standards (SOX, GDPR, ISO 27001)
  • MS Office Suite
  • COBIT, COSO, ITIL Framework,
  • Cybersecurity Policies
• Soft Skills
  • Needs to think and explain in terms that almost dumb down why IS should think about certain risk and control measures
• Non-negotiables
  • Doesn’t want a doer, can’t create reports, has to be able to hit the ground running
  • Wants to have someone who worked in banking

EDUCATION - CERTIFICATIONS - WORK EXPERIENCE

• Certified Information Systems Auditor (CISA)
• CISSP
• IT Auditor foundation is good.

Vaco values a diverse workplace and strongly encourages women, people of color, LGBTQ+ individuals, people with disabilities, members of ethnic minorities, foreign-born residents, and veterans to apply.

Vaco is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race (including but not limited to traits historically associated with race such as hair texture and hair style), color, sex (includes pregnancy or related conditions), religion or creed, national origin, citizenship, age, disability, status as a veteran, union membership, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, political affiliation, or any other protected characteristics as required by federal, state or local law.

Vaco LLC and its parents, affiliates, and subsidiaries are committed to the full inclusion of all qualified individuals. As part of this commitment, Vaco LLC and its parents, affiliates, and subsidiaries will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact HR@vaco.com .

Vaco also wants all applicants to know their rights that workplace discrimination is illegal.

By submitting to this position, you agree that you will be giving Vaco the exclusive right to present your as a candidate for the foregoing employment opportunity. You further agree that you have represented information about yourself accurately and have not affirmatively misrepresented your qualifications. You also agree to maintain as confidential, to the fullest extent permitted by law, any information you learn from Vaco about the position and you will limit disclosure of information about the position only to the extent necessary to perform any obligations in furtherance of your application. In exchange, Vaco agrees to exercise reasonable efforts to represent you through all solicitation, job screening and resume dispersal.

Vaco LLC and its parents, affiliates, and subsidiaries (“we,” “our,” or “Vaco”) respects your privacy and are committed to providing transparent notice of our policies.

• California residents may access Vaco’s HR Notice at Collection for California Applicants and Employees here.
• Virginia residents may access our state specific policies here.
• Residents of all other states may access our policies here.
• Canadian residents may access our policies in English here and in French here.
• Residents of countries governed by GDPR may access our policies here.

Determining compensation for this role (and others) at Vaco depends upon a wide array of factors including but not limited to:

• the individual’s skill sets, experience and training;
• licensure and certification requirements;
• office location and other geographic considerations;
• other business and organizational needs.

With that said, as required by local law, Vaco believes that the following salary range referenced above reasonably estimates the base compensation for an individual hired into this position in geographies that require salary range disclosure. The individual may also be eligible for discretionary bonuses.