Industry: Professional, Scientific & Technical Services
5 - 7 years
Posted 97 days ago
The Security Specialist serves as the Subject Matter Expert and Primary Point of Contact (POC) for CNSI and its customers regarding the development, implementation, and maintenance of data security policies and procedures related to the NIST SP 800 Series, FISMA, HIPAA, ISO 27001, FedRAMP, and other applicable state and federal laws, rules, regulations, and guidelines. The Security Specialist is also responsible for all tasks related to audit preparation and for leading assigned cross-functional teams through all processes and procedures related to data security audits.
Subject Matter Expertise
Function as a Subject Matter Expert regarding Information Assurance and Data Security Compliance laws, rules, and regulations including, but not limited to, the NIST SP 800 series, FISMA guidelines, FedRAMP, ISO 27001, and HIPAA.
Obtain a thorough understanding of CNSI policies and procedures pertaining to data security standards to make informed decisions regarding applicable data security policies and procedures.
Stay up to date on existing laws and regulations affecting CNSI’s current policies and procedures, and monitor for any new laws or regulations that could potentially affect CNSI and/or its customers.
Create the ‘path to success’ and lead cross-functional teams through successful NIST SP 800 Series, FISMA, or FedRAMP Security Assessment Process audits and/or successful HIPAA Compliance Audit processes leading to an Authority to Operate (ATO) certificate.
Act as the primary POC in various assessments including, but not limited to, Risk Assessments, Security Assessments, and Privacy Impact Assessments.
Participate in planning, scheduling, and preliminary analysis for all internal and external audits.
Create and monitor audit roadmaps including planning for and scheduling of all required audit activities.
Coordinate audit preparation activities for all affected parties, including notification of audit scope, objectives, approach, timeline, and deliverables.
Train and educate teams and other stakeholders regarding applicable regulatory requirements and responsibilities.
Identify and inform control owners regarding the applicable controls based upon the audit requirements.
Work with control owners to identify and document security controls based upon their regulatory source, and to identify the appropriate artifacts that show the controls are being met.
Work with control owners to update security controls based upon regulatory source updates and/or additions to CNSI’s regulatory requirements. Ensure that documentation remains current, that adequate testing is performed, and that results are evaluated and discussed with control owners.
Team with the customer’s security representatives or ISO to ensure that all requirements are met, all audit preparations are completed, and all steps are taken to ensure a successful audit.
Risk Mitigation and Issue Management
The following skills would be a plus:
Certification in Healthcare Compliance (CHC) and Healthcare Privacy Compliance (CHPC), or a similar certification, a plus.
FedRAMP experience, a plus.
Experience successfully leading a cross-functional technical team to a FedRAMP or FISMA certificate and Authority to Operate (ATO), a plus.
Medicaid or Medicare Health IT experience, a plus.
AWS or Oracle Cloud experience, with an understanding of cloud industry technologies and IaaS, PaaS, and SaaS platforms, a plus.