Our client is looking for a Sr. Security Compliance SME to assist with security, data/document management, and infrastructure work.
- Develop technical aspects of the company’s strategy to ensure alignment with its business goals
- Monitor KPIs and IT budgets to assess technological performance
- Use stakeholders’ feedback to inform necessary improvements and adjustments to technology
- Exceptionally strong network and system administration knowledge
- Manage and Enhance our IT Security Operations
- Perform and Manage internal System and Compliance Audits
- Set Strategy and Tactics to operate in a high compliance environment
- Align Department’s goals and tactics with the business strategy of the company while also advocating for and enforcing a compliant environment
- Map and plan for future growth, and project the associated costs and savings
- Produce detailed reports describing vulnerabilities/risks and provide concise guidance to stakeholders to support remediation.
- Coordinate with development and other application teams to provide mitigation recommendations, education, and ensure vulnerabilities are effectively resolved.
- Serve as an application security subject matter expert for projects.
- Investigate infrastructure systems for evidence of a breach/malicious activities, backdoors, misconfigurations, etc.
- Understand, research, design and develop documentation, processes and techniques to evaluate and continuously update security solutions, technical and reference architectures and supporting security strategies
- Develop and maintain platform and system-specific security controls test matrix, security assessment reports, plan of action and milestones, system security plans, continuous monitoring and evaluation plans and other artifacts supporting the platform security operations
- Work with and manage the different agencies and vendors to ensure software and systems are compliant with industry standards.
- Manage and maintain Enterprise systems.
- Design and develop tools to support our Finance, HR, and stakeholder needs (new systems, audits, training tools, Intranet, etc.).
- Define and maintain an infrastructure and security roadmap to support the enterprise.
- Design and develop security policies, standards and procedures e.g., Identity and Access Management (IAM), Multi-factor authentication (MFA), firewall management, SSL/IPSec, security incident and event management (SIEM), data protection (DLP, encryption), user account management (SSO, SAML), and password/key management.
Management and Communication
Infrastructure and Engineering
- Knowledge of technological trends to build strategy
- Understanding of budgets and business-planning
- Ability to conduct technological analyses and research
- Excellent communication skills
- Experience with start-ups a plus
- Strategic thinking
- Problem-solving aptitude
- Knowledge of website technologies & development, with experience managing internal development as well as outsourced development with external vendors, preferred
- Clear, rational thinker who uses data and research to make informed judgments
- Five or more years' experience in Network/System Administration
- Healthcare industry experience preferred
- You have strong communication skills and a product-focused mindset to build the right solutions for your customers.
- Risk management experience with proven ability to effectively apply risk principles to challenging business situations
- In-depth knowledge and understanding of information risk concepts and principles to ensure relevant business needs have appropriate corresponding security controls.
- In-depth knowledge of password-based, session hijacking, DDoS, sniffing, MITM, cryptography, and application-layer attacks.
- Ability to demonstrate a clear understanding, at an enterprise level, of application, network, infrastructure, and data security architecture.
- Demonstrated experience in the following areas: threat modelling, application security, penetration testing, vulnerability management, and security consulting for application and/or infrastructure type projects.
- Demonstrated experience building out programs, processes, and procedures that scale horizontally across organizations.
- Experience working with development team(s) that delivered commercial software or software-based services (development, QA testing, or security role).
- Knowledge of computing, networking, security and information technology
- Scripting capabilities for creating custom scripts to identify/exploit vulnerabilities.
- Develop low-level tools that improve security testing and monitoring
- Advanced knowledge of networking systems and security software.
- Technical knowledge of routers, firewalls, and server systems.
- Familiarity with regulatory and industry security frameworks and best practices such as NIST, OWASP, PCI, SANS. Additionally, experience in planning, implementing and/or supporting the processes associated with the use of these methodologies.
- You are a pragmatic security leader who believes in risk-focused, scalable security approaches.
- You have a strong technical background in scalable security solutions.
- Experience with building, or use of, data management and automation tools for threat information, such as security vulnerabilities and threat actors.
- Demonstrated domain knowledge of security vulnerabilities, how they impact software, and how they can be mitigated.
- Knowledge of the HIPAA Security Rule and familiarity with HITRUST CSF required