skill rating below along with their resumes
HITRUST Total years of experience: x years Rating: x/10
HIPAA Total years of experience: x years Rating: x/10
SOC Total years of experience: x years Rating: x/10
NIST Total years of experience: x years Rating: x/10
PCI Total years of experience: x years Rating: x/10
Enterprise Risk Management Total years of experience: x years Rating: x/10
Third Party Risk Management Total years of experience: x years Rating: x/10
.
Primary Job Responsibilities:
• Partners with engineers to interpret and map compliance requirements to control implementation, and maintains an understanding across our products of all current and emerging technologies, open system standards, and management technologies as they relate to the support of our business needs.
• Provide support of the Third-Party Risk Management program, encompassing the formalization of internal and external compliance standards and continuous improvement of vendor onboarding processes.
• Support third party audits. Examples include SOC, HITRUST, HIPAA, NIST and PCI.
• Partners closely on security operations tasks with cross-functional teammates in IT, DevOps, Engineering, and Test.
• Directly facilitates operational and regulatory outcomes across our client portfolio, including continuous monitoring and compliance audits.
• Facilitates automation for compliance controls, evidence, and compliance artifact generation.
• Monitors and analyzes security risks and metrics to identify themes, trends, correlations, and variances.
• Creates knowledge base articles and ensures they are kept up-to-date. Provides operational training to partners and team members in accordance to industry standards.
• Performs on-going security testing, code reviews, and works with developers to remediate vulnerabilities and minimize the corporate risk profile.
Perform other related assigned duties as necessary to complete the Primary Job Responsibilities as described above.
Minimum Qualifications:
o Position requires a bachelor’s degree in information technology or related field and three years’ experience in information technology with compliance and security standards and frameworks, including: GDPR, HIPAA, PCI DSS, CIS Benchmarks and NIST frameworks. CCSP, CISSP, CISA, GCSA, GCPN, GPEN, or similar certifications are preferred. Will accept any suitable combination of education, training, and experience
o Position requires experience with a strong focus on automation in a large-scale SaaS environment; understanding of cloud infrastructure and security concepts; software engineering experience with a focus on security automation; experience with automated configuration management and deployment using tools such as Cloud Formation, Terraform, Ansible, Chef, and Python required; ability to clearly communicate compliance requirements to internal engineering teams and associated implementation to external customers ;experience building tooling for metric capture and compliance status; understanding of SDLC, CI/CD, and API driven workflows; strong attention to detail and written communication skills.
o Please plan to attend interviews with the candidates at the beginning to confirm candidate and their communications.
,
Karthik Yalamanchili |IT Recruiter
HCL Global Systems; Inc,
Desk No
Direct No
Mail: