Cloud Security and Compliance Specialist - FedRAMP - compliance role - relocation assistance

  • Comrise
  • Sunnyvale, CA
  • 19 hours ago
FedRAMP, SOX, SOC
Full Time
Depends on Experience
Work from home available

Job Description


Cloud Security and Compliance Specialist

Remote now and onsite later. The client will help with relocation.

Sunnyvale, CA

Need someone with experience in implementing programs for SOX, SOC, ISO, HIPAA, HITRUST, FedRAMP.

One is more technically focused: has worked in a Security Operations Center (SOC), with an auditing and security implementation background and experience with FedRAMP code scans and reports. Makes sense of the issues.

The second is more compliance focused: a background in government 3PAO implementation, policy and procedures; individuals who write the procedures, not someone who works through a checklist. Experience with compliance law such as CCPA; no law degree needed, but experience with the law. Knows policy.

We are the leading provider of cloud customer engagement hub software for leading brands powered by AI and analytics. For over a decade, our solutions have helped improve customer experience, optimize service process, and grow sales across the web, social, and phone channels. Hundreds of the world's largest companies rely on our platform to transform their fragmented sales engagement and customer service operations into unified Customer Engagement Hubs (CEHs).


The Role:

We are currently looking for a Cloud Security and Compliance Specialist to be a part of our Information Security team in Sunnyvale, California.



Management and execution of compliance programs for SOX, SOC, ISO, HIPAA, HITRUST, FedRAMP, PCI, IL2, GDPR, CCPA and other data privacy regulations

Review, develop, execute, and maintain security policies and procedures for compliance

Create and maintain security documents, including System Security Plan (SSP), risk assessments, compliance documents, whitepapers, sales artifacts, etc.

Daily monitoring of security infrastructure, security logs, and tools

Incident management and response

Maintain and optimize security monitoring and alerting systems

Review and influence the system and product architecture, and provide security-related recommendations

Execute risk assessments and internal audits

Respond and communicate with internal teams, customers, and prospects worldwide on information security questionnaires and inquiries

Work with external auditors on regulatory and compliance program audits and assessments

Track findings and work with internal and external teams on mitigation and remediation

Align and consult on information security policies and procedures with key stakeholders including Sales, IT, Legal, Finance, Product, Engineering, and customers


Must-have qualifications

15+ years of experience in an information security-related role, such as security analyst or security auditor

5 years of experience conducting security control assessments or audits

Bachelor's degree in Information Systems, Information Technology, Computer Science (or professional experience working in Enterprise IT) or equivalent experience

Professional security management certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar certification

Deeply familiar with HITRUST, BAA, Sarbanes-Oxley (SOX), NIST Cybersecurity Framework, FIPS, FISMA, ISO 27000 security standards, PCI, SOC2, FedRAMP and data protection regulations and requirements

Experience with SIEM tools, methodologies, and best practices

Experience with firewall, IPS/IDS tools, OWASP, FIM, DLP, Application Control, PAM (Privileged Access Management), vulnerability scanning tools and log analysis, and other infrastructure security tools

Experience with risk management methodologies and frameworks

Experience with and proven methods for managing the information security incident lifecycle, including incident response, mitigation, post-action reporting, and mapping a path forward

Comfortable with ambiguity

Able to work efficiently with cross-functional teams and manage numerous projects simultaneously under deadline pressure with minimal guidance

Strong analytical, communication (verbal and written), and project management skills



US government cybersecurity work experience is desirable

US government clearance

Working knowledge of standard Unix infrastructure tools/protocols (DHCP, DNS, NTP, SYSLOG, SSH, IPSec, etc.)

Basic cross-functional understanding of network engineering concepts and protocols (e.g., TCP, UDP, SSL, SSH, VLAN, etc.)

Familiarity with AWS and Azure security models

Dice Id : comrise
Position Id : fedrampcompl
Originally Posted : 3 months ago