What are the responsibilities and job description for the Remote IT Security Specialist - Cloud Security and Risk Management position at Get It - Professional Services?
Job Overview
We are seeking a dedicated and knowledgeable IT Security Specialist to enhance security measures for a significant application and infrastructure modernization initiative. This role will involve a thorough review of essential documentation, identification of potential security vulnerabilities, and collaboration in the formulation of effective risk mitigation strategies to ensure adherence to security and privacy regulations. The ideal candidate will possess extensive experience in cloud security, risk management, and system security evaluations.
Key Responsibilities
- Develop, execute, and oversee security protocols to safeguard computer networks and sensitive information.
- Perform ongoing evaluations of development processes and propose enhancements to bolster security.
- Assist the Information System Security Officer (ISSO) in managing system security plans, ensuring systems acquire and sustain authorization to operate (ATO), and support activities related to the Assessment and Authorization (A&A) process.
- Ensure security compliance for applications and systems hosted in cloud environments such as AWS, Azure, and Google Cloud.
- Direct the security program for applications and systems, adhering to guidelines including MARS-E, NIST, and HIPAA.
- Collaborate with Operations and Maintenance (O&M) and Infrastructure teams to confirm software remains current and aligns with Information Security (InfoSec) policies.
- Work closely with developers, engineers, and other stakeholders to satisfy security requirements while minimizing project delays.
- Partner with teams to establish automated Disaster Recovery solutions, which encompass alerting, notifications, data backup, and recovery protocols.
- Contribute to the development of security event logging and monitoring procedures.
- Conduct internal reviews of security controls to ensure compliance with applicable regulations and technical standards.
- Track and oversee remediation efforts for audit findings through Plans of Action and Milestones (POA&Ms) and Corrective Action Plans (CAPs).
- Ensure that adequate security controls are implemented to protect sensitive data and infrastructure.
- Proficient in security operations, including logging, monitoring, and incident response.
- Expertise in risk management and vulnerability assessment according to NIST 800-53, HIPAA, SSA, and IRS Pub 1075.
- Specialized knowledge in cloud security compliance (AWS, Azure, Google Cloud).
- Ability to serve as a resource for compliance requirements at both CMS and state levels.
- A minimum of 5 years of experience in IT security or related domains.
- At least 5 years of experience providing security compliance for cloud applications (AWS, Azure, Google Cloud).
- Five years of experience in maintaining and updating system security plans (SSP/SSPP).
- A minimum of 5 years of experience supporting infrastructure assets and services, including familiarity with NIST 800-53.
- Demonstrated experience in security engineering review and recommendations.
- Proven experience working within Agile environments and collaborating with large, cross-functional teams.
- At least 5 years of experience as an ISSO with experience operating under ATO.
- Strong understanding of security architecture, including experience with TOGAF and MITA.
- Familiarity with risk management, vulnerability assessments, and security compliance documentation.
- Experience in reviewing RFPs, MOUs, and disaster recovery plans for security requirements.
- Background in evaluating security-related documentation such as Business Continuity Plans and Disaster Recovery Testing Plans.
Employment Type: Full-Time