We are seeking to add a talented Information Assurance and Compliance Analyst to join our team. This role requires a high degree of technical cyber security experience. This person will be responsible for all security-related tasks, including day-to-day administration of different information security tools and devices and configuration and fine-tuning of tools to improve effectiveness in security event monitoring. This position will support our Federal security programs and initiatives. This person will also perform regular security analyses and update security-related policies and procedures as necessary.

This is a high-impact role on a small team at an early-stage growth software company. Candidates should enjoy tough technical challenges, high responsibility, and building new things.

What You’ll Be Responsible For Achieving:

• Lead risk assessment processes and oversee implementation of security plans to meet customer and regulatory requirements.
• Develop System Security Plans (SSP), including Security Concept of Operations, Risk Management Matrix, Security Control Traceability Matrix, Security Test Procedures, and Plan of Action and Milestones (POAM)
• Conduct internal information security audits around ISO 27001/2, SOC2, HITRUST and FedRAMP security controls
• Communicate regularly with stakeholders on security compliance issues, status of remediation, and assisting in generation of reports and metrics on overall state of the program
• Work with Project Managers ensuring appropriate information security policies, standards, procedures, and guidelines are being incorporated across services and infrastructure
• Manage and track remediation of identified risks and vulnerabilities and provide appropriate reporting to all interested parties

Requirements

• Experience with Enterprise Governance, Risk Management, and Compliance (GRC) tools
• Experience with event monitoring and alerting tools such as AlertLogic, Stackdriver, and Splunk
• Working knowledge of security regulations, standards, and frameworks, including but not limited to ISO27000, SOC2, GDPR, and NIST
• Excellent written and verbal communication skills with the ability to accurately communicate security and risk-related information to technical and non-technical audiences
• Experience in developing, documenting and maintaining security procedures.
• Knowledge of network infrastructure and security, including routers, switches, firewalls, and associated network protocols and concepts.
• Knowledge of security auditing techniques.
• Knowledge of computer control environments.
• Strong knowledge of technology and security topics including network security, wireless security, application security, infrastructure hardening and security baselines, web server and database security.
• Strong written and verbal communication skills.
• Ability to clearly and effectively communicate concerns, issues and research to other teams.

What Will Make You Stand Out:

• Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience.
• 5+ years of experience IT Security Strategy, Risk Management, IT Audit and Compliance
• CISSP certification
• Extensive experience with AWS
• Experience with Government Security Requirements as outlined in NIST guideline
• Experience with Risk Management Framework processes
• Experience managing resources performing multiple project related tasks

Excellent customer-facing communication skills

• Strong time management and analytical skills
• A reputation for superb communication skills with other engineers and teammates
• You have a reputation for a high level of craftsmanship about your work

Benefits

Join our team and help us deliver Care Without Barriers. Our company offers significant opportunity for motivated self-starters who thrive in a fast-paced environment that is quickly transitioning from a startup to a highly recognized healthcare industry disruptor. We offer an exceptional benefits package including health, dental and vision, 401k savings, flexible vacation and working policies, competitive salaries and stock options and an EcoPass. CirrusMD is located in the Catalyst HTI building in Denver’s RiNo neighborhood, a newly built office space, with access to open-air shared workspaces and community areas, and a highly engaged community of healthcare and tech innovation leaders. Subsidized parking, on-site gym and shower facilities are also available to our team. Given the current environment, most employees are working remotely and we plan to maintain a conservative approach to revisiting employees working in the office.

Salary Range: 90k - 115k

CirrusMD helps health plans create happier, healthier, and more engaged members by giving them access to on-demand virtual care solutions that they love to engage with. Our chat-powered care delivery platform connects members to a dedicated, board-certified physician in under 90 seconds from any web-enabled device, with no cost and no time limits attached. CirrusMD enables a stress-free, human care conversation that doesn’t end until members get the answers (and peace of mind) they need to manage their wellness. CirrusMD has partnered with over a dozen major national payers and healthcare systems to deliver extraordinary virtual care to millions of lives across the nation. The company was founded in 2012 and is headquartered in Denver, CO.

CirrusMD is committed to creating a diverse and inclusive workforce and is proud to be an equal opportunity employer. We aim to create a workplace that celebrates the diversity of our employees, users, and customers. We strive to deliver products and services that work for everyone by including perspectives from backgrounds that vary by race, ethnicity, social background, religion, gender, age, disability, sexual orientation, veteran status, and national origin. We are particularly focused on ensuring women and BIPOC are equally represented across all positions, including management. Our focus is on advancing, cultivating, preserving a culture of diversity and inclusion as it directly aligns with our mission to provide access to affordable and personalized health care for everyone.
 

Notice to recruiters and placement agencies:

If you are a recruiter or placement agency, please do not submit résumés to any person or email address at CirrusMD prior to having a signed agreement with Human Resources. CirrusMD is not liable for and will not pay placement fees for candidates submitted by any agency other than its approved recruitment partners. Also, any résumés sent to us without an agreement in place will be considered your company's gift to CirrusMD and may be forwarded to our Talent Acquisition team.