Information Security Systems Administrator

Myers and Stauffer LC is a certified public accounting and health and human services reimbursement consulting firm, specializing in audit, accounting, data management and consulting services to government-sponsored health and human services programs (primarily state Medicaid agencies, and the federal Center for Medicare & Medicaid Services). We have 45 years of experience assisting our government clients with complex health care reimbursement and provider compliance issues, operate 20 offices and have over 900 associates nationwide.
 

At Myers and Stauffer, you will have a career that is rewarding while also supporting our state and federal government health and human services clients that focus on those in need. We are committed to providing our employees with professional growth and development opportunities, a diverse, dynamic, challenging work environment, and a strong and visionary leadership team. 

What We Offer: 
 

• Health, Dental, and Vision insurance along with other competitive employee benefits for eligible associates
• Vacation time, sick time, and paid holidays
• Paid Parental Leave and available support resources
• 401K with company matching for eligible employees
• Tuition reimbursement, referral bonuses, paid volunteer community service time, mentor program, and a variety of other employee programs and perks
• A combination of technical and leadership development training at each career milestone
• Up to six counseling sessions per year for eligible employees through our Employee Assistance Program                

Job Purpose / Objective 
The Information Security Administrator will support the protection of our information assets from intentional or unintentional disclosure, modification, destruction, or denial of access through the implementation of appropriate information security policies, standards, guidelines, and procedures.  The primary role is to support our vulnerability and risk management programs and facilitate incident response procedures in a timely and accurate fashion.

The Information Security Administrator will conduct network and application vulnerability/risk assessments for the organization, participate in penetration testing and detection activities, and perform security incident response procedures utilizing internal and external resources. The Administrator will assist with the implementation and enhancement of information security measures to safeguard our systems and information assets.

Essential Functions & Primary Duties

• Configure, maintain, and monitor the backup solution to ensure policies are upheld and/or provide enhancement suggestions.
• Configure, monitor, and support multifactor authentication (MFA) technologies.
• Be accountable for and lead implementation efforts to enhance data lose prevention solutions and methodologies.
• Configure Microsoft Azure Active Directory (AD) and its security features and configurations (i.e., conditional access, device compliance, Microsoft Defender, device policies) as required.
• Collaborate with other teams (i.e. Application Development) to implement enhancements to code analysis tools, ensure that appropriate uses are in place, and make recommendations on priority and reporting.
• Support and assist with configuration, tuning and management processes related to the security information and event management (SIEM) solution covering system/application logs, log forwarding/filtering, service and system monitoring.
• Support appropriate teams to gather and review firewall rules and identify risks associated with access control lists.
• Configure, schedule, and review vulnerability reports; prioritize and coordinate remediation efforts.
• Monitor and implement security hardening enhancements, track exceptions, recommend changes, and work with respective teams to support needed documentation on deviations.
• Conduct reviews of Active Directory Group Policy Object (GPO) and Intune device compliance policies to make recommendations that align with industry best practices as well as security baselines.
• Assist with the internal risk assessment process, including third party risk assessments.
• Provide assistance during the RFP processes to validate tooling alignment and configuration for potential new work and note additional risks when applicable.
• Support whitelisting and blacklisting methodologies including implementation, documentation, and monitoring processes.
• Support the Compliance and Privacy Team with providing deliverables or evidence collection.
• Assist in research efforts on emerging threats and make recommendations for improvement of assigned processes and technical controls, including those based on FISMA and NIST compliance, as appropriate.

Requirements:

• Bachelor’s degree or equivalent work experience required
• 3 years' of related work experience required
• CISSP, SSCP, SEC , CISA, CISM, or equivalent certifications preferred 
• Familiarity with the following:
  • Backup and recovery principles and solutions to ensure the availability of data in the event restores are requested.
  • Internal, external and third-party identity access management (IAM) solutions.
  • DISA STIGS and other security baselines.
  • Security features and configurations related to Microsoft Azure tenant / Active Directory (i.e. conditional access, device compliance, Microsoft defender, device policies).
  • Data protection requirements relating to personally identifiable information and protected health information.
  • Experience with network and application vulnerability management and assessment solutions.
  • Knowledge of information security and computer network, application, and user access technologies including email security and encryption, multi-factor authentication, end-point security, anti-virus/anti-malware, and security log management.
• Knowledge of information security frameworks and standards including:
  • NIST Cyber Security Framework
  • NIST SP 800-53
  • FISMA
  • FedRAMP
  • StateRAMP, and FedRAMP
  • ISO 27002
  • HIPAA
  • Proficient knowledge of applicable infrastructure technologies
  • Ability to execute and draft technical instructions, policies, and guidelines
  • Ability to document daily control activities and system function
  • Ability to work independently and with cross-functional teams
  • Demonstrated ability to communicate verbally and in writing 
  • Ability to travel as required by business and on-call availability

The Team: 
Myers and Stauffer takes pride in the welcoming and collaborative culture we have throughout our offices. For this position, the employee will report to one of our Managers or Senior Managers on the IT engagement team.

Work Style: 
Our general business hours are Monday through Friday 8am-5pm, but can vary based on business needs. Dependent on performance, our in-office associates are eligible for a hybrid work schedule after their initial 90-day training period. As a company, we are always willing to discuss potential flexibility that an employee may need to better suit their work-life wellbeing.

Typical Interview Process:

• Phone Screen with a Recruiter
• In person or remote interview with the hiring manager & team
  
  #LI-DS1

#LI-HYBRID