Cloud Security and Compliance Specialist
Remote now and onsite later; the client will help with relocation.
Sunnyvale, CA
Need someone with experience implementing SOX, SOC, ISO, HIPAA, HITRUST, and FedRAMP programs.
The first profile is more technically focused: a Security Operations Center (SOC) auditing and security implementation background, with experience running FedRAMP code scans and reports and making sense of the findings.
The second profile has more of a compliance background: government 3PAO implementation, policy and procedures, someone who writes the procedures rather than just works through a checklist. Experience with compliance law such as CCPA (no law degree, but familiarity with the law). Knows policy.
We are the leading provider of cloud customer engagement hub software for leading brands powered by AI and analytics. For over a decade, our solutions have helped improve customer experience, optimize service process, and grow sales across the web, social, and phone channels. Hundreds of the world's largest companies rely on our platform to transform their fragmented sales engagement and customer service operations into unified Customer Engagement Hubs (CEHs).
The Role:
We are currently looking for a Cloud Security and Compliance Specialist to be a part of our Information Security team in Sunnyvale, California.
Responsibilities
Management and execution of compliance programs for SOX, SOC, ISO, HIPAA, HITRUST, FedRAMP, PCI, IL2, GDPR, CCPA and other data privacy regulations
Review, develop, execute, and maintain security policies and procedures for compliance
Create and maintain security documents, including System Security Plan (SSP), risk assessments, compliance documents, whitepapers, sales artifacts, etc.
Daily monitoring of security infrastructure, security logs, and tools
Incident management and response
Maintain and optimize security monitoring and alerting systems
Review and influence the system and product architecture, and provide security-related recommendations
Execute risk assessments and internal audits
Respond to and communicate with internal teams, customers, and prospects worldwide on information security questionnaires and inquiries
Work with external auditors on regulatory and compliance program audits and assessments
Track findings and work with internal and external teams on mitigation and remediation
Align and consult on information security policies and procedures with key stakeholders including Sales, IT, Legal, Finance, Product, Engineering, and customers
Must-have qualifications
15+ years of experience in an information security-related role, such as security analyst or security auditor
5 years of experience conducting security control assessments or audits
Bachelor's degree in Information Systems, Information Technology, or Computer Science (or professional experience working in enterprise IT), or equivalent experience
Professional security management certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar certification
Deeply familiar with HITRUST, BAA, Sarbanes-Oxley (SOX), the NIST Cybersecurity Framework, FIPS, FISMA, ISO 27000 security standards, PCI, SOC 2, FedRAMP, and data protection regulations and requirements
Experience with SIEM tools, methodologies, and best practices
Experience with firewall, IPS/IDS tools, OWASP, FIM, DLP, application control, PAM (Privileged Access Management), vulnerability scanning tools, log analysis, and other infrastructure security tools
Experience with risk management methodologies and frameworks
Experience with and proven methods for managing the information security incident lifecycle, including incident response, mitigation, post-action reporting, and mapping a path forward
Comfortable with ambiguity
Able to work efficiently with cross-functional teams and manage numerous projects simultaneously under deadline pressure with minimal guidance
Strong analytical, communication (verbal and written), and project management skills
Nice-to-have
US government cybersecurity work experience is desirable
US government clearance
Working knowledge of standard Unix infrastructure tools/protocols (DHCP, DNS, NTP, SYSLOG, SSH, IPSec, etc.)
Basic cross-functional understanding of network engineering concepts and protocols (e.g., TCP, UDP, SSL, SSH, VLAN, etc.)
Familiarity with AWS and Azure security models