Data Security Engineer II
Centene Corporation
AWSAzureCloudCyber Security
Director of Information Security and Compliance
First Stop Health
full-time
Posted on:
Origin: • 🇺🇸 United States
Visit company websiteJob Level
Lead
Tech Stack
AWSCloudSDLC
About the role
- Develop and execute a comprehensive security and compliance strategy in collaboration with the vCISO
- Own the security roadmap aligned to business goals and regulatory requirements
- Chair the Security Committee, lead policy creation and refresh cycles, and drive company-wide security culture
- Lead SOC 2 Type 2 and HIPAA compliance programs, including audit coordination, controls, and evidence collection
- Manage vendor due diligence, client security questionnaires, third-party security reviews, and maintain BAAs and PIAs
- Conduct regular risk assessments, pen testing, access reviews, vulnerability scans, and patching reviews
- Implement and manage IAM (SSO, conditional access, granular permissioning) and SIEM/logging/monitoring
- Deploy and operate security tooling (DLP, endpoint protection, vulnerability management) and automate security processes
- Coordinate incident response with IT, Engineering, Legal, and vCISO; lead tabletop exercises and after-action reviews
- Partner with engineering to embed security into SDLC, CI/CD, and infrastructure as code; implement secure cloud architecture and container security
- Design and deliver company-wide security training, phishing simulations, and guidelines for safe AI tool usage
- Report to the VP of IT and work closely with the virtual CISO and cross-functional teams
Requirements
- 7+ years of experience in information security roles, with a balance of compliance and technical expertise
- Proven experience with HIPAA, SOC 2, and healthcare privacy regulations
- Strong technical skills in cloud security (AWS), IAM, SIEM, DLP, vulnerability management, and security architecture
- Experience leading SOC 2 Type 2 audits and evidence collection
- Experience conducting risk assessments, pen testing, access reviews, vulnerability scans, and patching reviews
- Experience managing vendor due diligence, client security questionnaires, and third-party security reviews
- Experience maintaining BAAs, PIAs, and supporting CCPA/CPRA compliance
- Experience implementing and managing identity and access management (SSO, conditional access, granular permissioning)
- Experience building and maintaining SIEM, logging, and monitoring
- Experience deploying and operating security tooling: DLP, endpoint protection, vulnerability management
- Experience automating security processes (account administration, onboarding/offboarding, compliance workflows)
- Experience coordinating incident response and leading tabletop exercises and after-action reviews
- Ability to influence executives and cross-functional stakeholders; strong communication and project management skills
- Preferred certifications: CISSP, CISM, CISA, HCISPP, CCSP, or healthcare-specific equivalents
- Startup/SaaS and remote-first work experience highly valued
Similar jobs on JobTailor
Senior Cybersecurity Engineer
Kidde Global Solutions
AWSAzureCloudCyber SecurityGoogle Cloud PlatformPythonSDLCSplunk
Cybersecurity Lead
Ball Corporation
AWSAzureCloudCyber SecurityDNSFirewallsGoJenkinsLinux
Cybersecurity Advisor, vCISO
Huntress
AWSAzureCloudCyber SecurityGoGoogle Cloud PlatformPython
Consulting Director – Specialized and Proactive Services
Palo Alto Networks
AWSAzureCloudCyber SecurityGoogle Cloud Platform