As a security and compliance manager, you will provide customer-facing technical leadership as part of a data warehouse implementation team. You will be directly responsible for the security (RBAC, LDAP, DBMS, networking) and compliance (NIST, HIPAA, SSAE16, MITA) aspects of the solution and must be able to communicate your work to both technical and non-technical stakeholders. This position will also work to support security and compliance requirements on new opportunities across the organization.
Participate in requirements and design sessions to ensure that solution architecture complies with all applicable State and Federal regulations.
Support and maintain security policies/configuration for DBMS, applications, systems, etc., in both on-premise and cloud-hosted solutions (e.g., encryption keys, access controls, separation of duties, database audit logging, Central Audit Logging/Monitoring, etc.).
Responsible for configuring, tuning, and reviewing security logs (e.g., central systems logging, database logging) to reduce false positives and improve detection of anomalies.
Perform vulnerability security scans of systems to help identify and correct infrastructure security issues found in servers and databases.
Develop and maintain security plans, procedures, and other documentation as required.
Investigate new platforms and tools throughout the industry and make recommendations for their use in current and future projects.
Advise management through the creation of scorecards and reporting that display our risk profile and provide insight for decision making.
Provide proactive analysis and options for systems and operations changes to implement regulatory requirements from CMS regarding the system.
Contact the customer when new CMS rules (draft and final) are released, organize meetings to present the results, help provide comments for CMS, and propose solutions to implement the rules (controls) in the system.
Required Technical and Professional Expertise
5+ years of IT experience
2+ years of related IT security experience
2+ years of experience in IT leadership
Healthcare IT Background
Experience with HIPAA and NIST 800-53 controls and application/implementation of controls in production environments.
Understanding of infrastructure control procedures and security (networking, OS, storage, application)
Ability to present information clearly and concisely to customers, management, and other non-technical stakeholders
Preferred Technical and Professional Experience
Knowledge and understanding of data warehouse solution architecture including DBMS, Data Management, BI, Analytics, etc.
Security or control related certification (e.g., CISA, CISSP).
Experience with external audits including FedRAMP, SSAE16, MITA, etc.
Intermediate skill with scripting languages (Perl, Shell, SQL, VB, etc.)
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.