Director of Information Security and Compliance
Contegix San Antonio, TX
- Expired: over a month ago. Applications are no longer accepted.
Are you looking to join a growing company where you can do the best work of your career? At Contegix we believe in a team environment that promotes the ability to make a difference within the organization. We treat our employees with the same commitment to “Go Beyond” in an environment of respect, collaboration and dedication to excellence.
Contegix is a strategic advisor for digital applications that improve the customer experience. As a Managed Service Provider, we specialize in Content Management Systems (CMS) like Drupal and WordPress, the Atlassian toolset, DevOps tools, and IT administration—all in the private or public cloud.
We have an exciting opportunity for a Director of Information Security and Compliance. This is an integral part of our company with the overall responsibility of managing information security and compliance policies and procedures. This position will provide strategic direction with security audits, security trainings, compliance, and with protecting the data of our customers, team members and organization.
- Perform continuous development, manage, and execute the information security and compliance program, the training program, and the internal and customer vulnerability management program.
- Manage the Information Security and Compliance team.
- Monitor security threat and risk management feeds. Decide with notifications impact Contegix and/or Contegix customers, generate notices for appropriate teams.
- Monitor security threat and risk management feeds for concerns which potentially destabilize internal Contegix controls which therefore cannot be shared with internal teams; evaluate coordination options, determine trusted personnel and perform remediation as necessary.
- Monitor internal communication channels for indicators of security events or actions which have a possible security ramification, also to enforce policy and procedure adherence.
- Manage FedRAMP program.
- Update FedRAMP assessment and authorization documents.
- Manage assessments: SOC2, HIPAA, PCI DSS, FedRAMP.
- HIPAA health information security risk assessments.
- Migrate customer scans across environments.
- Advise customers on compliance requirements applicable to the customer but not Contegix.
- Build customer Splunk reports by request.
- Build Splunk networking and security dashboards.
- Network troubleshooting support.
- Troubleshoot vulnerability scans.
- Vulnerability scan T3 support.
- Address customer security survey requirements.
- Provide T3 support for the following:
- Support team for security and compliance requirements
- Support team for customer security incidents
- Support team for vulnerability scanning program
- Professional services team for security and compliance requirements
- Customer system design and architecture
- Customer assessment and compliance evidence collection
- RFP strategy sessions, new contracts
- Review customer DPA/BAA/CCPA documents; including ad hoc customer security requirement documents
- Support sales team for security and compliance customer concerns, both pre- and post-contract signing
- A bachelor’s degree in computer science, information systems, or a related field with security certification (CISA, CISSO, etc.).
- Minimum of 5 years of experience in an information security role.
- Strong understanding of security tools, technologies, and policies.
- Excellent verbal, written, and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management, and customers.
- In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.
- Experience developing and maintaining policies, procedures, standards, and guidelines
- Experience with compliance audits such as FedRAMP/FISMA and SOC 2/ISO required, PCI preferred.
- Experience with SSAE-18/SOC 2 to familiarity with ISO control mapping.
- Familiarity with HIPAA/HITECH and GDPR requirements.
- Familiarity with bastion architectural design models.
- Familiarity with authorization boundary concepts.
- Familiarity with CIS benchmarks.
- Familiarity with Nessus Pro/Tenable vulnerability scanning products or equivalent.
- Familiarity with Splunk Enterprise administration and SPL (Splunk processing language).
- Familiarity with Nipper Studio or equivalent for firewall review.
- Familiarity with data redaction principles.
- Familiarity with security architecture and operational principles.
Contegix professionals are committed to excellence. We strive to be experts in our chosen fields, and to be knowledgeable consultants who understand our clients’ needs and work creatively to leverage technology for their competitive advantage.
Visit our website for additional information www.contegix.com.
Equal Opportunity Employer
Contegix participates in the E-Verify program. Therefore, any employment with Contegix will also be contingent upon confirmation from the Social Security Administration (“SSA”) and/or the Department of Homeland Security (“DHS”) of your authorization to work in the United States.
AddressSan Antonio, TX
TechnologyView all jobs at Contegix