job summary:
As a Security Governance Specialist, you will be a key member of the Information Security Governance Risk & Compliance (GRC) team. This role presents an amazing opportunity to be exposed to all areas of information security (incident management, risk management, devsecops, insider threat, product security, and more) and meet people from all levels. Additionally, you'll support the day-to-day functions of a growing Information Security team. You will be working closely with other members of the Information Security team and IT teams to ensure continued success through the development of sound security governance practices. This role is ideal for those seeking a challenge in a growing business, providing indispensable service to user communities and being part of its success. This role will serve as an information security practitioner with foundational enterprise security knowledge, providing governance expertise and support across the information security program. This is a great opportunity to join a high performing team in the finance industry.

location: Waltham, Massachusetts
job type: Contract
salary: $55 - 60 per hour
work hours: 8am to 4pm
education: Bachelors

responsibilities:
Key responsibilities
- Assist in the development, maintenance, implementation and revision of policies, standards, procedures, and guidelines of security programs and related activities to conform with best practices and legal/regulatory requirements while meeting business needs.
- Establish processes and procedures for continuous review and improvement of information security policies, standards, and controls through reviews with control owners, SMEs and auditors.
- Partner effectively with the security awareness team to communicate new policies and spread general awareness about Information Security Management practice
- Work with compliance and internal audit to ensure that controls are implemented to meet regulatory requirements, including regulatory obligations and shield requirements
- Work with information security risk lead to assess risk, develop control remediation recommendations and monitor residual risk to Commonwealth's technology group.
- Document best practices for security engineering, operations, architecture and governance groups, including processes, standard operating procedures, and continued process improvement
- Coordinate and respond to advisor security inquiries, due diligence questionnaires, and security-related contract modifications
- Manage help desk, responding to customer inquiries, identifying improvement opportunities, and developing and managing service delivery framework
- Manage, develop, and create InfoSec and help desk processes to ensure robust and streamlined approach for response and management of advisor and employee inquiries
- Lead curation of FAQ content and employee / advisor inquiries to develop a knowledge base for response to requests, keeping it accurate and up-to-date by working with SME teams across InfoSec, Engineering, IT, SecOps, etc.
- Help create metrics to demonstrate the efficiency and effectiveness of Commonwealth's security program and to inform continuous improvement
- Systematically track and report end user feedback about our security program to inform InfoSec and the business about where we need to improve security to satisfy customers' needs
- Report and communicate security issues and topics to technical and non-technical audiences, ranging from individual contributors to C-suite executives
- Assists in the management and maintenance of the Cybersecurity Regulatory & Compliance Management Program, ensuring all activities, processes, and procedures meet defined requirements, policies, and regulations
- Support internal and external audit processes for relevant compliance concerns
- Acts as a liaison and Information Security GRC expert. Serves as a source of information on the Security Governance and Compliance needs and the regulatory environment
- Assist in the implementation of governance and risk management solutions including reporting on status of security governance, risk remediation, and compliance efforts

Core strengths
- Bachelor's degree in information systems or a related discipline, or equivalent training
- 2+ years' experience in IT, Information Security, Compliance, Legal, Data Privacy or a related industry
- Experience or interest in IT and/or Information Security
- Strong knowledge of data and information flows, information governance, network protocols.
- Experience of security hardening techniques and policy development, particularly operating system hardening (e.g. Windows, UNIX, Oracle).
- Excellent writing skills, with experience as a writer or technical editor a plus
- Experience drafting corporate policies or working in document management a plus
- Strong analytical and problem solving skills, negotiation, interaction management, and presentation skills are required with the ability to create consensus and understanding around security policy
- Ability to communicate effectively both orally and in writing.
- Excellent knowledge of information security and related principles.
- Ability to develop positive relationships and effectively communicate with employees, customers, auditors, business partners, and all levels of management

qualifications:
- Experience level: Experienced
- Minimum 5 years of experience
- Education: Bachelors

skills:
- SECURITY
- governance
- risk
- Strategic Planning

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.

For certain assignments, Covid-19 vaccination and/or testing may be required by Randstad's client or applicable federal mandate, subject to approved medical or religious accommodations. Carefully review the job posting for details on vaccine/testing requirements or ask your Randstad representative for more information.