Job Description:
DISYS is seeking a Compliance Business Analyst for a contract-to-perm opportunity.
Compliance Duties
- Maintain the policy and procedures documents. Ensure they are reviewed and updated annually by the owners.
- Maintain the security and trust services controls and test cases in the corporate GRC tool.
- Perform internal audits of the security and trust services controls. Document results and track defects. Ensure all defects are corrected or remediated with an acceptable level of risk.
- Monitor the monthly, quarterly, and annual internal audit processes and ensure all actions are completed on time.
- Gather evidence for external audits from the key control owners. Perform a quality assurance check of all evidence prior to submission to the auditor.
Risk Management Duties
- Assist in the completion of vendor risk assessments. This includes performing desktop research, collecting evidence from the vendors, reviewing contracts, and writing the vendor risk assessment report.
- Review vendor risk assessments annually and update as necessary.
- Assist in the completion of the annual HIPAA Risk Assessment Report.
Requirements Management Duties
- Monitor various policies and standards for changes. Translate the changes into requirements and specifications.
- Ensure traceability of the requirements throughout the entire software development process, including quality assurance, to enable impact analyses.
- Analyze the impacts of changes in policies and standards on our products. That is, use requirements traceability to determine which products are affected by the change (top-down traceability).
- Analyze the impact of defects on requirements. That is, if a QA test fails, use requirements traceability to determine what policies and standards are not being met (bottom-up traceability).
- Minimum of 2 years of experience with SOC 2, HIPAA, or NIST SP 800-53, or minimum of 2 years of experience as a business analyst translating requirements into specifications (PBIs) in a software development environment.
- College degree.
- Experience with agile software development.
- Experience with the software change management process.
- FISMA or FedRAMP experience.
- College degree in business administration, paralegal studies, or technical field such as information systems or computer science.