04 ISP Program Management
Risk Cypher will support developing and enhancing an Information Security Program and implementing related management control programs as needed and directed by the client.
Risk Cypher will keep resources available to perform the following activities:
● Support in the development of an annual GLBA assessment and Information Security Program as aligned with TRM governance and strategies
● Support in gathering information for, drafting, reviewing, and publishing the 2022 Written Information Security Program
● Validating consistency among the program/safeguard areas under the ISP's guidance
● Development of a centralized information source for ISP Program documentation that can be shared with external teams as needed (e.g., Audit, 2LOD, 3LOD)
Deliverables
In support of the objectives described above, Risk Cypher will also have responsibility for the following deliverables:
● Development of a single source of reference for policies, procedures, and standards that are in dispersed locations (targeted in a GRC Module)
● Support in the development of standardized Management Control Program documentation and associated documentation for identified ISP domains
o Strategic Program Delivery
o People Security, Training & Comms
o Security Project Management
o IT Governance
o IT Risk and Control Management
o IT Compliance and Audit Support
o Change Management
o Issues Management
o Security Metrics & Reporting
o Identity and Access Management
o Access Governance
o Access Operations
o Access Engineering
o Privileged Access
o Infrastructure Security
o Security Architecture
o Cloud Security
o Application Security
o Data Security & Protection
o Cryptography
o Vulnerability Management
o Secure Configuration Management
o Adversary Emulation
o Incident Response
o Network Security
o Threat Intelligence
o BCP
o DR
o Physical Security
o Vendor Management
o Procurement