Full-time
Security and Compliance Manager - Audacious Inquiry - Baltimore, MD

The Information Security and Compliance Manager will be responsible for the proactive monitoring of the enterprise security and risk posture of production systems and infrastructure, while identifying and escalating potential incidents or anomalies for further investigation. The ideal candidate must be able to work independently and have project management skills. Desired areas of knowledge include vulnerability assessment, intrusion prevention and detection, access control and authorization, firewall rulesets, encryption, web-filtering, advanced threat protection and infrastructure security. It is expected that the Information Security and Compliance Manager will be experienced in HIPAA regulations, CMMI, HITRUST, EHNAC and SOC2 audit requirements, control frameworks and other technology processes.

PRIMARY RESPONSIBILITIES

- Oversee the implementation and ongoing assessment of security programs that align with HIPAA regulations, HITRUST, EHNAC and SOC2 audit requirements.
- Oversee the company’s CMMI compliance and ongoing audit requirements.
- Oversee the review and analysis of alerts and logs from firewalls, intrusion detection/protection systems, antivirus, and event solutions and other security threat data sources to gain awareness and report on potentially suspicious and anomalous activity.
- Work closely with internal application and business teams to identify requirements for NIST/CMS, HIPAA/HITECH, HITRUST and other regulatory compliance requirements, develop implementation approaches, and monitor their progress.
- Assist with formulation and distribution of information weekly/monthly/quarterly metrics and event reports.
- Conduct and oversee internal security training program for employees.
- Follow up on outstanding security audit and penetration testing findings.
- Assist the Architecture Review Board in assessing new or changed applications and/or technology infrastructure elements with a security impact, managing the lifecycle through a change management process.
- Participate in the design and execution of vulnerability assessments, penetration tests and security audits.

SKILLS AND REQUIREMENTS

- Minimum of 3-5 years of IT security experience, at least one security certification preferred (CISSP, CISA, etc.).
- Bachelor’s degree (pref. computer science or related field).
- Strong critical thinking and problem-solving skills.
- Excellent written and oral communications skills.
- 2+ years of relevant audit, information risk, security, or compliance experience with a firm understanding of risk assessment and analysis techniques.
- Knowledge of IT data security compliance programs including HITRUST, SOC 2, HIPAA/HITECH, NIST/CMS, or similar (e.g. FINRA).
- Efficient with OS Security, Windows & Linux.
- Hands-on technical knowledge with at least one of the following: role-based access control, network security, current information security threats, incident management concepts and practices.
- Additionally, candidate should have excellent communication skills and the ability to partner with employees and customers.
- Hands-on experience managing teams and/or projects, gathering and documenting requirements, and overseeing the execution of requirements in a system development lifecycle.

For more information about Ai and our benefits, visit our careers page: ainq.com/working-at-ai/
