Document Security Administrator jobs in Durham, NC

Work Schedule:

This hybrid position works a regularly scheduled 40-hour workweek; hours are flexible and may extend earlier in the day or later in the evening as duties necessitate. You must be willing to travel into the office and Data Center ~2-3x/week (as needed). This position is exempt and not eligible for overtime pay.

Supervisory Responsibility None

Summary

We are looking for a dynamic individual who is familiar with SOC2 and HIPAA compliance who can work in maturing the Information Security compliance requirements and positively impact our risk tolerance as an organization.

Responsible for implementing, managing, and enforcing information security directives as mandated by HIPAA and our SOC 2 program while ensuring the ongoing integration of information security with business strategies and requirements. This role ensures that adequate and effective security processes, controls, and lifecycles are followed and aligned to deliver compliance with security policy and regulatory requirements.

This includes working closely with the Security Administrator and Security Officer maintaining and the updating security compliance and assurance program, auditing activities, establishing appropriate assessments, managing, and tracking risk mitigation and remediation activities, and communicating compliance and assurance program results to Senior Management.

Essential Duties and Responsibilities:

• Serves as the information security compliance liaison and subject matter expert for various business units and information technology departments.
• Managing and overseeing meaningful progress against Millennia’s Risk Register and TPRA Risk Tracker.
• Performs and/or oversees periodic risk assessments and that they identify current and future internal and external information security vulnerabilities, provides necessary information to derive decisions about risk acceptance and risk mitigation, and identifies strategies to reduce information security risks.
• Investigating actual or potential information security violations, managing Incident Response Program, managing security remediation efforts, and following up investigations with written reports.
• Coordinate third-party engagements inclusive of TPRA’s, training, penetration testing, tabletop exercises, etc.
• Respond to Vendor Security Risk Assessments and questionnaires.
• Implement a variety of information security related policies and procedures that are in alignment with industry best practices and standards.
• Implement and manage the employee security awareness program to promote a culture of security and awareness, along with educating users on information security best practices.
• Coordination and participation in Millennia’s Change Management program.
• Coordinate and assist with managing an asset inventory system.
• Manage the Access Control Management and support any related technologies.
• Oversee threat and vulnerability management program by running routine information security assessments and managing the related risk acceptance workflow processes across teams.
• Plan, coordinate, and implement security measures for information systems to regulate access to computer data files and prevent unauthorized modification, destruction, or disclosure of information in accordance to regulating organizations.
• Supports and updates a centralized repository of security controls aligned with corporate and regulatory requirements.
• Manage internal auditing program, ticket automation, and audits for systems.
• Support department with client ticketing requests.
• Provide backup functions to the Security Administrator.

Competencies:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.

We are looking for a passionate security professional who is self-directed. They must have a positive attitude toward their work, fellow colleagues, and the company. They must possess natural ease in dealing with people, have an ability to present themselves with confidence and speak before an audience, handle themselves professionally and compassionately toward others, and demonstrate a mature thought process to train and troubleshoot relevant topics to their audience. This individual must be willing to learn and take ownership of processes they are responsible for and seek to assist others. Communication and time management are crucial to this role. They should be able to see gaps, solve problems, and build and improve operational processes.

Minimum Qualifications:

• Bachelor’s degree or equivalent work experience in a related field is preferred.
• 3 years of experience in a security compliance or similar role.
• 3 years of experience working comprehensive knowledge of HIPAA, and SOC 2 or HITRUST framework.
• Experience working in a HIPAA regulated industry.
• Experience working with Atlassian tools.
• Experience with Microsoft Active Directory and Azure.
• Excellent time-management, prioritization, and task management skills.
• Ability to work independently and in a team environment with strong interpersonal and communications skills to facilitate productive working relationships.
• Experience with vulnerability assessment tools and penetration testing methodologies.
• Excellent written and verbal skills.
• Process oriented with exemplary documentation skills.

Highly Beneficial:

• Familiarity with the following toolsets is beneficial.
• Microsoft Azure and Active Directory
• USM Anywhere (Alienvault)
• Cohesity & Helios
• Tenable.io
• KnowBe4
• Crowdstrike Falcon Complete
• Veracode
• Experience with virtualization.

Job Type: Full-time

Pay: $95,000.00 - $120,000.00 per year

Benefits:

• 401(k)
• Dental insurance
• Health insurance
• Life insurance
• Paid time off
• Vision insurance

Schedule:

• Monday to Friday
• Weekends as needed

Application Question(s):

• On a scale of 1-10, how would you rate your comprehensive understanding of a Security Program that is inclusive of the requirements of HIPAA and/or SOC 2?

Experience:

• Security Compliance: 3 years (Required)
• Software Ticketing System: 1 year (Required)
• Microsoft Active Directory: 1 year (Preferred)
• Azure: 1 year (Preferred)

Ability to Relocate:

• Cary, NC 27513: Relocate before starting work (Required)

Work Location: Hybrid remote in Cary, NC 27513