Security Compliance Specialist

The Capio organization ensures the confidentiality, integrity and availability of technology assets and information across all Capio networks, systems, and applications. Our Information Technology department integrates cybersecurity governance, policies, technologies, and operations across Capio, and works to incorporate security into the design of technology systems and services.

In this role, you will assist in the development and execution of information security programs designed to protect critical company assets. Additionally, you will participate in customer and third-party security and compliance audits. This hands-on technical position requires experience in security architecture, trends and threats, policy writing, business continuity planning, and risk management.

Responsibilities

• Assist in defining information security standards, procedures, and guidelines in accordance with relevant regulations and industry best practices.

• Supports the initiatives of the information security program and coordinates with the various lines of business as needed defining and assisting in the implementation of physical, technological, procedural, policy, and training safeguards.
• Assist in management of security tools such as security information and event management (SIEM), static code analysis, data loss protection (DLP), and vulnerability assessment solutions.
• Enhance Capio’s security culture by organizing security awareness campaigns and security training.

• Performs security audits and event investigations, following forensic guidelines to preserve evidence for potential legal action and audits.
• Monitors and responds to alerts from key security technologies and other internal sources.
• Performs information security reviews of current and potential vendor relationships.
• Facilitates the information security training and awareness programs.
• Research emerging threats, evaluating likelihood of occurrence, and controls to mitigate them.
• Identifies vulnerabilities within the Capio environment with oversight of associated remediation activities.
• Participates in responding to security alerts reported by outside provider.

• Devise and execute means to test security implementation and adherence to security practices.
• Perform periodic risk assessments and controls audits.
• Answer security questionnaires for Capio’s customers, detailing the ways in which Capio protects its health information.
• Coordinate the response to security incidents.

Qualifications

• Bachelor’s degree in computer science, information security, information assurance, or related field preferred; or equivalent professional work experience required.
• 2 years information security / information assurance experience preferred.
• Applicable security certifications a plus (CISSP, GSEC, GSNA, CISA, etc.)
• Must have a strong understanding of concepts and technology across all IT areas to be able to spot gaps and develop appropriate controls.
• Experience in developing Information Technology and Information Security policies and controls in a regulated environment; Health Information Trust Alliance (HITRUST) and SOC 2 experience a plus.
• Technical knowledge in relevant technology areas: networking, servers, storage, virtualization, cloud.
• Technical knowledge in network security design and architecture, endpoint protection, patch-management, vulnerability management, penetration testing, intrusion detection, risk management, mobile device management, wireless management, data loss prevention, forensics.
• Demonstrated analytical, problem-solving, project management, and critical thinking skills required.
• Strong verbal, written, communication and presentation skills required.
• Ability to work with little supervision and consistently deliver results required.

Personal Characteristics

• Sound administrative skills, management skillsprinciples and people.
• Experience in working in specific area of responsibility.
• Proven ability motivate personnel.
• Demonstrates accuracy and thoroughness.
• Monitors own work to ensure quality.
• Understanding of the collection industry and governing legislation.
• Strong analytical, numerical, and reasoning abilities.
• Participative management typeadvocates team concept.
• Well-developed, mature interpersonal skills with diverse personalities.
• Attention to detail
• Ability to establish credibility and be decisivebut able to recognize and support the organization's preferences and priorities.
• Satisfactory communication skills, written and verbal.
• Results oriented.

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• The employee must occasionally lift and /or move up to 25 pounds.
• While performing the duties of this Job, the employee is occasionally required to walk.
• The employee is frequently required to stand; use hands to finger, handle, or feel; reach with hands and arms and talk or hear; operate a PC by use of mouse and keyboard.
• The employee is occasionally required to sit, stoop, kneel, or crouch.

Vision Requirements

• Close vision (Clear vision at 24 inches or less)

Work Environment

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.

Moderate noise (examples: business office with computers and printers, light traffic, call center environment with multiple conversations occurring at once)