About the position
This role conducts thorough security risk assessments for new technologies before deployment and technologies post-deployment in the production environment. Identifies, assesses, analyzes security risks, scrutinizes potential vulnerabilities, and provides risk mitigation strategies to ensure compliance and adherence to information security standards for a seamless and secure integration. This role will require the colleague to engage project managers, project management team members including developers, architects, infrastructure engineers, and EIS stakeholders as applicable. This role should be able to describe technical issues to business partners or senior leaders in risk terms that are clear and understandable while still having some subject matter expertise. This role should be able to lead small teams, mentor junior team members, oversee third party contractors, and respond to critical requests.
Responsibilities
- Conduct thorough security risk assessments for new technologies before deployment and post-deployment in the production environment.
- Identify, assess, and analyze security risks and potential vulnerabilities.
- Provide risk mitigation strategies to ensure compliance with information security standards.
- Engage with project managers, developers, architects, infrastructure engineers, and EIS stakeholders.
- Describe technical issues to business partners or senior leaders in clear, understandable risk terms.
- Lead small teams and mentor junior team members.
- Oversee third party contractors and respond to critical requests.
Requirements
- 2+ years of information security experience.
- 2+ years working knowledge of common security frameworks and regulations, including NIST 800-53, ISO 27001/2, HIPAA/HITECH, HITRUST, and PCI-DSS.
- 2+ years working knowledge of Information Technology including Cloud, access management, architecture, infrastructure, operating systems, application/software development, and endpoint security.
Nice-to-haves
- Industry related certification such as CISSP, CISM, CRISC, etc.
- Ability to comprehend implications of security risk (inherent risk, residual risks), compensating controls, etc.
- Solid written and verbal communication skills.
- Ability to demonstrate critical thinking and knowledge of risk management basic processes, tools, and techniques.
- Experience operating in applications including Archer, Qualys, Checkmarx, and Prisma.
- Solid knowledge of Information Security policies and procedures.
- Solid knowledge of regulatory standards, including NIST 800-53, SOX, SOC1/SOC2 Type II audits, HIPAA/HITECH, HITRUST, and PCI-DSS.
- Knowledge of current security threat and vulnerability trends.
- Understanding of cloud Security best practices and frameworks.
Benefits
- Full range of medical, dental, and vision benefits.
- 401(k) retirement savings plan.
- Employee Stock Purchase Plan.
- Fully-paid term life insurance plan.
- Short-term and long-term disability benefits.
- Numerous well-being programs.
- Education assistance and free development courses.
- CVS store discount and discount programs with participating partners.
- Paid Time Off (PTO) or vacation pay.
- Paid holidays throughout the calendar year.
