logo

View all jobs

Sr. Security Compliance SME

Remote, Remote
Our client is looking for a Sr. Security Compliance SME to assist with security, data/document management, and infrastructure work.
 
Responsibilities:
  • Develop technical aspects of the company’s strategy to ensure alignment with its business goals
  • Monitor KPIs and IT budgets to assess technological performance
  • Use stakeholders’ feedback to inform necessary improvements and adjustments to technology
  • Exceptionally strong network and system administration knowledge
  • Manage and Enhance our IT Security Operations
  • Perform and Manage internal System and Compliance Audits
  • Set Strategy and Tactics to operate in a high compliance environment
  • Align Department’s goals and tactics with the business strategy of the company while also advocating for and enforcing a compliant environment
  • Map and Plan for future growth and project cost and savings of such
  • Produce detailed reports describing vulnerabilities/risks and provide concise guidance to stakeholders to support remediation.
  • Coordinate with development and other application teams to provide mitigation recommendations, education, and ensure vulnerabilities are effectively resolved.
  • Serve as an application security subject matter expert for projects.
  • Investigate infrastructure systems for evidence of a breach/malicious activities, backdoors, misconfigurations, etc.
  • Understand research, design and develop documentation, processes and techniques to evaluate and continuously update security solutions, technical and reference architectures and supporting security strategies
  • Develop and maintain platform and system-specific security controls test matrix, security assessment reports, plan of action and milestones, system security plans, continuous monitoring and evaluation plans and other artifacts supporting the platform security operations
  • Work with and manage the different agencies and vendors to support software and systems are compliant with industry standards.
  • Manage and maintain Enterprise systems.
  • Design and develop tools to support our, Finance, HR, stakeholder needs. (new systems, audits, training tools, Intranet, etc.)
  • Define and maintain an infrastructure and security roadmap to support the enterprise.
  • Design and develop security policies, standards and procedures e.g., Identity and Access Management (IAM), Multi-factor authentication (MFA), firewall management, SSL/IPSec, security incident and event management (SIEM), data protection (DLP, encryption), user account management (SSO, SAML), and password/key management.
 
Sample Qualifications:
 
Management and Communication
  • Knowledge of technological trends to build strategy
  • Understanding of budgets and business-planning
  • Ability to conduct technological analyses and research
  • Excellent communication skills
  • Experience with start-ups a plus
  • Strategic thinking
  • Problem-solving aptitude
  • Knowledge of website technologies & development with experience managing internal development as well as outsourced development with external vendor, preferred
  • Clear, rational thinker who uses data and research to make informed judgments
  • Five or more years' experience in Network/System Administration
  • Healthcare industry experience preferred
  • You have strong communication skills and a product focused mindset to build the right solutions for your customers.
  • Risk management experience with proven ability to effectively apply risk principles to challenging business situations
 
Infrastructure and Engineering
  • In-depth knowledge and understanding of information risk concepts and principles to ensure relevant business needs have appropriate corresponding security controls.
  • In-depth knowledge of password based, session hijacking, DDOS, sniffing, MITM, cryptography, and application layer attacks.
  • Ability to demonstrate a clear understanding, at an enterprise level, of application, network, infrastructure, and data security architecture.
  • Demonstrated experience in the following areas: threat modelling, application security, penetration testing, vulnerability management, and security consulting for application and/or infrastructure type projects.
  • Demonstrated experience building out programs, processes, and procedures that scale horizontally across organizations.
  • Experience working with development team(s) that delivered commercial software or software-based services (development, QA testing, or security role).
  • Knowledge of computing, networking, security and information technology
 
Security
  • Scripting capabilities for creating custom scripts to identify/exploit vulnerabilities.
  • Develop low-level tools that improve security testing and monitoring
  • Advanced knowledge of networking systems and security software.
  • Technical knowledge of routers, firewalls, and server systems.
  • Familiarity with regulatory and industry security frameworks and best practices such as NIST, OWASP, PCI, SANS. Additionally, experience in planning, implementing and/or supporting the processes associated with the use of these methodologies.
  • You are a pragmatic security leader who believes in risk focused, scalable security approaches.
  • You have a strong technical background in scalable security solutions.
  • Experience with building, or use of, data management and automation tools for threat information, such as security vulnerabilities and threat actors.
  • Demonstrated domain knowledge of security vulnerabilities, how they impact software, and how they can be mitigated.
  • Knowledge of HIPAA Security Rule, and familiarity of HITRUST CSF required
#
 

More Openings

Embedded Engineer
Linux Systems Engineer

Share This Job

Powered by