Cloud Security and Compliance Specialist 

Remote now and onsite later. Client will help with relocation

Sunnyvale, CA

Need someone experienced in implementing programs – SOX, SOC, ISO, HIPAA, HITRUST, FedRAMP

One is more technical – focused on and has worked in a Security Operations Center (SOC) – auditing and security implementation – background with FedRAMP – code scans and reports. Makes sense of the issues.

The second has more of a compliance background – government – 3PAO implementation – policy and procedures – individuals who write the procedures. Not someone who just does checklists. Experience with compliance law – CCPA – no law degree but experience with the law. Knows policy.

We are the leading provider of cloud customer engagement hub software for leading brands powered by AI and analytics. For over a decade, our solutions have helped improve customer experience, optimize service process, and grow sales across the web, social, and phone channels. Hundreds of the world's largest companies rely on our platform to transform their fragmented sales engagement and customer service operations into unified Customer Engagement Hubs (CEHs).

 

The Role:

We are currently looking for a Cloud Security and Compliance Specialist to be a part of our Information Security team in Sunnyvale, California.

 

Responsibilities

·       Management and execution of compliance programs for SOX, SOC, ISO, HIPAA, HITRUST, FedRAMP, PCI, IL2, GDPR, CCPA and other data privacy regulations

·       Review, develop, execute, and maintain security policies and procedures for compliance

·       Create and maintain security documents, including System Security Plan (SSP), risk assessments, compliance documents, whitepapers, sales artifacts, etc.

·       Daily monitoring of security infrastructure, security logs, and tools

·       Incident management and response

·       Maintain and optimize security monitoring and alerting systems

·       Review and influence the system and product architecture, and provide security-related recommendations

·       Execute risk assessments and internal audits

·       Respond and communicate with internal teams, customers, and prospects worldwide on information security questionnaires and inquiries

·       Work with external auditors on regulatory and compliance program audits and assessments

·       Track findings and work with internal and external teams on mitigation and remediation

·       Align and consult on information security policies and procedures with key stakeholders including Sales, IT, Legal, Finance, Product, Engineering, and customers

 

Must-have qualifications

·       15+ years’ experience in an information security-related role, such as security analyst or security auditor

·       5 years’ experience conducting security control assessments or audits

·       Bachelor’s degree in Information Systems, Information Technology, Computer Science (or professional experience working in Enterprise IT) or equivalent experience

·       Professional security management certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar certification

·       Deeply familiar with HITRUST, BAA, Sarbanes-Oxley (SOX), NIST Cybersecurity Framework, FIPS, FISMA, ISO 27000 security standards, PCI, SOC2, FedRAMP and data protection regulations and requirements

·       Experience with SIEM tools, methodologies, and best practices

·       Experience with firewall, IPS/IDS tools, OWASP, FIM, DLP, Application Control, PAM (Privileged Access Management), vulnerability scanning tools and log analysis, and other infrastructure security tools

·       Experience with risk management methodologies and frameworks

·       Experience with and proven methods for managing the information security incident lifecycle, including incident response, mitigation, post-action reporting, and mapping a path forward

·       Comfortable with ambiguity

·       Able to work efficiently with cross-functional teams and manage numerous projects simultaneously under deadline pressure with minimal guidance

·       Strong analytical, communication (verbal and written), and project management skills

 

Nice-to-have

·       US government cybersecurity work experience is desirable

·       US government clearance

·       Working knowledge of standard Unix infrastructure tools/protocols (DHCP, DNS, NTP, SYSLOG, SSH, IPSec, etc.)

·       Basic cross-functional understanding of network engineering concepts and protocols (e.g., TCP, UDP, SSL, SSH, VLAN, etc.)

·       Familiarity with AWS and Azure security models