Description

The ideal candidate will possess a strong background in various security domains, extensive experience with security standards, and a track record of implementing robust security measures. This position offers the opportunity to work with cutting-edge technologies and collaborate with cross-functional teams to fortify our cybersecurity posture.

Key Responsibilities:
Thoroughly understand and have significant experience establishing, maintaining, and monitoring enterprise-level solutions for regulatory and compliance requirements (FedRAMP, SOC 2, NIST).
Data Protection, Recovery, and Business Continuity Plan: Developing and providing a comprehensive business continuity plan that ensures data protection, recovery, and resilience against disruptions.
Collaborate with cross-functional teams to design and implement security controls and measures that align with business objectives while minimizing risk.
Collaborate with internal teams to identify and assess potential security risks across various domains, such as cloud security, network security, and information security.
Communicate security issues, strategies, and recommendations to technical and non-technical stakeholders.
Conduct thorough security assessments and vulnerability analyses, utilizing tools and methodologies to identify weaknesses and recommend remediation strategies.
Cyber Security Threat Reports: Performing regular threat intelligence assessments and delivering monthly reports that identify threats and outline remedial actions.
Data Retrieval at Contract Expiration: The ability to retrieve data and configurations from various sources at the end of a contract's duration.
Data Retrieval for IPCC: Retrieving necessary data and configurations for the Integrated Public Communication Centers (IPCC) in accordance with the Statement of Work (SOW).
Data Segmentation Boundary Protection: Ensuring that data segmentation boundaries are established and maintained to protect sensitive information.
Develop, implement, and manage security strategies, policies, and procedures in alignment with industry best practices and regulatory requirements.
Evaluate and recommend security solutions, including hardware, software, and services, to strengthen the organization's security infrastructure.
Exploit and Malware Protection: Configuring systems to ensure protection against exploitation and malware, including implementing antivirus, forensic controls, APT, and IDS/IPS measures.
Monitor security systems, networks, and applications for suspicious activities, promptly investigating and responding to security incidents and breaches.
Participate in incident response planning and contribute to creating effective incident response protocols.
Perform regular security audits and penetration testing to identify potential vulnerabilities and address them proactively.
Provide Attestation Letter for SOC 2 Type 2 Report Annually: Preparing and providing an annual attestation letter that summarizes the SOC 2 Type 2 Report's results, exceptions, and management's response.
Provide a Copy of SOC 2 Type 2 Report as Part of Solicitation: Including the SOC 2 Type 2 Report as part of the contract proposal to demonstrate compliance with security standards.
Provide expert guidance and support during the design and implementation of new technologies, ensuring security requirements are integrated from the outset.
Security Incident Handling: Establishing protocols and procedures for responding to security incidents, coordinating with various teams, and adhering to breach notification timeframes.
Stay up-to-date with the latest security threats, trends, and technologies, continuously enhancing the organization's security posture.
System Monitoring and Audit Logging (Security): Implementing processes for ongoing security monitoring, incident response, and audit logging for the various solution components.
Vulnerability Assessment: Conduct regular vulnerability assessments, providing summary reports of third-party assessments, identifying vulnerabilities, and tracking remediation status.
Ensure strong Cloud Security Compliance through proactive measures and continuous monitoring, safeguarding data and systems in alignment with industry standards.

Qualifications and Experience:

At minimum, a Bachelor's degree in Computer Science, Information Technology, or a related field. Master's degree preferred.

Minimum of 7 years of relevant experience in IT security, with a proven track record of handling complex security challenges.

Professional security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), or others relevant to the role.

Strong understanding of security frameworks, standards, and regulations, such as NIST, ISO 27001, HIPAA, and GDPR.

In-depth knowledge of network protocols, operating systems, and cloud platforms.

Experience with security tools and technologies such as intrusion detection systems, firewall management, SIEM solutions, penetration testing tools, etc.

Familiarity with secure coding practices and software development lifecycle (SDLC) security considerations.

Excellent problem-solving skills, with the ability to analyze complex situations and recommend effective solutions.

Strong communication and interpersonal skills, capable of conveying technical concepts to both technical and non-technical audiences.

Proven ability to work collaboratively in cross-functional teams and adapt to a fast-paced, ever-changing environment.

Education

Any Graduate