Advanced RPO

  • Information Systems Security Officer

    Job Locations: US-VA-McLean
    Req No.: 2018-9575
    Type: Regular Full-Time
  • Overview

    Corcentric, a leading provider of cloud-based solutions to address financial process automation, is seeking an Information Systems Security Officer to develop, coordinate, deliver and control a comprehensive information security program, including information in electronic, print and other formats, for the company, as well as define IS technology requirements for network, infrastructure, database and web application systems.

    Responsibilities

    • Builds a strategic and comprehensive information security program that defines, develops, maintains and implements policies and processes that enable consistent and effective information security practices, minimizes risk, and ensures the integrity, confidentiality and availability of information that is owned or controlled by the company.
    • Ensures information security policies, standards, procedures and practices are up-to-date and in compliance with applicable legal requirements.
    • Performs ongoing information security risk assessments and audits to ensure that information systems are adequately protected and meet HIPAA certification requirements.
    • Works with delegated entities, other vendors, outside consultants, and other third parties to improve information security for all company health and other information.
    • Helps the leadership team understand the potential business impact of proposed new controls and of potential security risks from new business and initiatives.
    • Initiates, facilitates, and promotes activities to foster information security awareness within the organization.
    • Ensures that potential security risks associated with new and existing business processes and IT applications are identified and addressed.
    • Ensures that sensitive electronic information is protected in a manner that meets or exceeds all federal and state requirements.
    • Creates a culture of cyber security both within the IT organization and across the company.
    • Evaluates security trends, evolving threats, risks and vulnerabilities and applies tools to mitigate risk as necessary.
    • Responds to compliance/security incidents and events as necessary.
    • Ensures that the access control needs are addressed.
    • Ensures the company complies with the administrative, technical and physical safeguards required by state and federal laws.
    • Works closely with the Privacy Officer to ensure alignment between security and privacy compliance programs including policies, practices and investigations.
    • Responsible for development and implementation of a security risk management plan, which includes an inventory of all software, hardware, and systems where sensitive or confidential information is maintained or transmitted.
    • Ensures the company has appropriate authorization policies and procedures, access controls, and audit logs to monitor activity on electronic systems that contain or use sensitive or confidential information.
    • Oversees periodic monitoring and reviewing of audit records to ensure that activity is appropriate. Such activity would include, but is not limited to, logons and logoffs, file accesses, updates, edits and printing.
    • Assists with the development of a Facility Security Plan to limit physical access to sensitive and confidential information.
    • Oversees, develops and/or delivers initial and ongoing information security training to the workforce. Initiates, facilitates and promotes activities to foster information security awareness within the organization and related entities.
    • Participates in the development, implementation, and ongoing compliance monitoring of all employee agreements and policies, to ensure security concerns, requirements, and responsibilities are addressed.
    • Maintains current knowledge of applicable federal and state security laws, licensing and certification requirements and accreditation standards.
    • Serves as information security consultant to all departments for data security related issues.

    Qualifications

    • Bachelor's degree in Information Systems (or equivalent work experience in a related field), and 5+ years of information security program creation, management/leadership experience.
    • Certification in ISS preferred, such as CISSP or similar.
    • Working knowledge of federal and state laws, statutes, rules, policies and guidance for the security of sensitive and confidential information.
    • Prior experience with disaster recovery planning, business continuity, risk management, and monitoring technical and physical safeguards.
    • Demonstrated organization, facilitation, and multi-tasking skills.
    • Exceptional written and oral communication skills, including technical writing experience.
    • A high level of integrity, trust, and credibility.
    • The ability to influence senior business leaders about the need to embrace new security initiatives and controls; ability to influence colleagues at all levels.
    • Demonstrated skills in collaboration, teamwork and problem-solving to achieve goals.
    • Strong team player with the ability to work independently and within a group and maintain focus on strategic objectives.
    • Go-getter attitude with the ability to organize and manage a multitude of new security control implementations.
    • Proficiency in Microsoft Excel, Word, MS Project and PowerPoint.
