* This is a senior position; the candidate must understand security end to end, including compliance requirements and controls.
*Projects the candidate will be working on:*
* This position is on a highly critical, highly visible project responsible for overseeing all aspects of information security operations, information security programs/projects, information security and technology risk assessments, and information security reporting.
* Performs all duties in accordance with the company's policies and procedures and with all U.S. state and federal laws and regulations in the jurisdictions where the company operates.
* Our cyber security leaders manage security for systems and solutions developed for the healthcare industry. We are searching for a seasoned SISO with a passion for cyber security, excellent communication skills, and a leadership mindset to manage the latest threats and the related laws and policies governing information security.
* MUST have experience with Data Exchanges.
* Five (5)+ years of Information Security experience is required; including three (3) years of FISMA related experience.
* Bachelor's degree in Information Security, Cybersecurity, Computer Science, or an equivalent field. Master's degree in a related field is a plus.
* Hold in good standing at least one of the following certifications:
* Certified Information Systems Security Professional (CISSP)
* Certified Information Security Manager (CISM)
* Certified Cloud Security Professional (CCSP)
* Strong presentation, oral, and written communication skills
* Ability to balance security needs with mission/business needs.
* Specialized knowledge and experience with the implementation of the NIST Special Publication (SP) 800 family of publications, particularly those associated with the Risk Management Framework.
* Specialized knowledge and experience with evaluating system, network, or infrastructure security controls against requirements such as FISMA, NIST, MARS-E, HIPAA, SSA, and IRS standards.
* Knowledge and experience with incident management and vulnerability management.
* Strong understanding of how to manage the risk profile of a large organization that must meet federal privacy and security requirements while keeping risk at a tolerable level.
* Strong understanding of security architectures, operating systems, databases, networks, applications, and security tools.
* Knowledge and experience with information security and assurance principles (e.g., Defense-in-depth) and associated supporting technologies and architectures.
* Ability to assess and weigh current and evolving security threats in an operational environment.
* Overseeing all aspects of information security operations, information security programs/projects, information security and technology risk assessments, and information security reporting.
* Responsible for maintaining security with an objective to provide confidentiality, integrity, and availability of sensitive data within systems.
* Assist with alignment of information technology (IT) security priorities with the security strategy, information security budget, staffing, and contracting.
* Identify and evaluate security program implications of new technologies or technology upgrades.
* Oversee and manage compliance with state and federal security and privacy standards.
* Primary liaison to customers on all security, privacy, and compliance matters.
* Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.
* Monitor, evaluate, and report effectiveness of cybersecurity safeguards to ensure the appropriate level of protection at an acceptable risk.
* Ensure security improvement actions are evaluated, validated, and implemented as required.
* Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
* Coordinate and participate in the continuous monitoring program of audits/assessments, penetration testing and vulnerability scanning.
* Oversee vulnerability and POA&M management, remediation, and reporting to leadership and customers.
* Lead efforts to obtain and maintain authorizations to operate (ATOs).
* Oversee remediation and incident response activities and ensure they are completed in accordance with Service Level Agreements.
* Establish and own processes for continued compliance, for example RBAC (role-based access control) compliance.
* Review change requests and provide security oversight; ensure compliance with the requirements outlined in the SOW (e.g., FedRAMP).