What are the responsibilities and job description for the IT Security Specialist for Cloud Risk Management and Compliance position at Get It - Professional Services?
Job Overview
We are looking for a dedicated and knowledgeable IT Security Specialist to play a crucial role in supporting and evaluating security requirements for a significant application and infrastructure modernization initiative. This position entails meticulously reviewing essential documentation, pinpointing potential security threats, and contributing to the establishment of robust mitigation strategies to ensure adherence to security and privacy regulations. The ideal candidate will possess a solid foundation in cloud security, risk management, and system security evaluations.
Key Responsibilities
- Develop, implement, enhance, and monitor security protocols to safeguard computer networks and data.
- Conduct ongoing assessments of development methodologies and propose enhancements to bolster security.
- Assist the Information System Security Officer (ISSO) in managing system security frameworks, ensuring systems secure and uphold authorization to operate (ATO), and facilitating activities related to the Assessment and Authorization (A&A) process.
- Guarantee security compliance for applications and systems within cloud environments (AWS, Azure, Google Cloud, etc.).
- Supervise the security initiative for applications and systems, adhering to guidelines such as MARS-E, NIST, and HIPAA.
- Collaborate with Operations & Maintenance (O&M) and Infrastructure teams to confirm that software remains current and complies with information security policies.
- Partner with developers, engineers, and other team members to fulfill security mandates while minimizing project delays.
- Work together with teams to execute automated Disaster Recovery solutions, including alerting, notifications, data backup, and recovery workflows.
- Assist in formulating security event logging and monitoring procedures.
- Conduct internal evaluations of security controls to ensure adherence to standards and regulations.
- Monitor and track remediation efforts for audit findings through Plans of Action and Milestones (POA&Ms) and Corrective Action Plans (CAPs).
- Ensure that proper security measures are in place to protect sensitive data and infrastructure.
- Security operations, encompassing logging, monitoring, and incident management.
- Risk management and vulnerability assessment grounded in NIST 800-53, HIPAA, SSA, and IRS Pub 1075.
- Security compliance for cloud environments (AWS, Azure, Google Cloud).
- Capability to function as a knowledge resource for compliance requirements at the Centers for Medicare & Medicaid Services (CMS) and state level.
- 5 years of experience in IT security or related domains.
- 5 years of experience in ensuring security compliance for cloud applications (AWS, Azure, Google Cloud).
- 5 years of experience in maintaining and revising system security plans (SSP/SSPP).
- 5 years of experience supporting infrastructure assets and services, with familiarity with NIST 800-53.
- Proven experience in providing security engineering evaluations and recommendations.
- Experience collaborating in Agile environments and with extensive, cross-functional teams.
- At least 5 years of experience as an ISSO and working under an ATO.
- Strong grasp of security architecture, including experience with TOGAF and MITA.
- Experience in risk management, vulnerability evaluations, and security compliance documentation.
Employment Type: Full-Time