Responsible for establishing and maintaining a corporate-wide Cyber Security program to ensure that information assets are optimally protected. Accountable for identifying, evaluating, and reporting on cyber security risks in a manner that meets compliance and regulatory requirements, and aligns with, and supports, the risk posture of the enterprise.

Responsibilities:• Develop and implement cyber risk management strategy and posture related to regulatory compliance requirements, along with multiple cybersecurity and privacy frameworks.• Manage project delivery and business development, along with mentoring and coaching others.• Perform comprehensive risk assessments using regulatory compliance standards (e.g., NERC CIP, HIPAA, FedRAMP and PCI-DSS) and industry-accepted cybersecurity and privacy frameworks (e.g., NIST (RMF, CSF, 800-53 Rev 4, 800-171, IR-7628), ISO 2700x, and SOC 2) to help identify meaningful gaps, evaluate and prioritize risks, and develop mitigation action plans for remediation.• Develop clear, legible and actionable reports and PowerPoint presentations, delivering clear, concise content to technical and non-technical stakeholders at multiple organizational levels.• Assist clients with designing, implementing and testing security controls which can be effectively measured, monitored and reported.• Utilize industry leading practices for architecture and design to enhance robustness of security and compliance posture through industry across on-premises and cloud-hosted environments.• Interface with vendors and support technical and non-technical client stakeholders, to drive widespread cybersecurity program adoption.• Monitor upcoming security standards and in-flight changes during solution development to help anticipate future cyber needs.• Advise clients on global, national and sector trends, collaborating with them to enhance cybersecurity and compliance capabilities, helping to mitigating risks.

Contributing towards patient care improvement for people living with cancer with more efficient T cell-based therapies.Responsibilities:• Work with Senior Counsel and IT Security to develop and align privacy and security policies and standards with organizational and technical objectives of the client.• Assist with response to and documentation of security incidents and remediation.• Conduct privacy and security risk assessments, and determine risks associated with business activities related to data or privacy and recommend solutions as needed.• Ensure that all information security and data privacy requirements specified in agreements and contracts are being met and fulfilled and industry standards are being followed.• Execute and review completed Service Provider assessments and determine and advise on the risk associated with each vendor and their associated third-party processors.• Quality audits of technology companies offering applications that will be use in both GxP and non GxP environments.• Maintain and revise data processing activities.• Support and advise on security and privacy laws and regulations (i.e., GDPR, CCPA, HIPPA).

• Oversee the development and implementation of corporate-wide application security procedures in client environments to meet corporate and government regulations.• Ensure that application security procedures meet business requirement’ and that information is safeguarded against unauthorized use, disclosure or modification, and damage or loss.• Oversee the implementation of appropriate access controls to ensure that access to systems, data and programs is restricted to authorized and trained users. Oversees the destruction of highly sensitive confidential information in accordance with policies and procedures.• Develop and implements detailed security procedures. Oversees security administrator team to ensure compliance with client security procedures. Ensures compliance with program security requirements including personnel, physical and administrative security systems and procedures.• Serve as a subject matter expert concerning security procedures and audit compliance.• Coordinate sensitive aspects of corporate security programs to ensure compliance with client, government and company security policies and procedures including verifying adherence to specific policies and ensuring policy compliance with government regulations.• Provide leadership and work guidance to less experienced personnel.• Develop, coordinate and conduct security education programs to educate appropriate personnel about security systems and their importance.• Investigate or oversees the investigation of losses and security violations and recommends corrective actions. Implements approved course of action as appropriate. Provides summaries for senior management review.• Research technological advancements to ensure that security solutions are continuously improved, supported and aligned with industry and company standards.

• Conduct regular assessments of site implementation of FISMA controls to support Continuous Monitoring.• Perform computer security Incident Response activities for a site, coordinates with virtual security team to record and report incidents.• Provide security expertise in FISMA, OMB, NIST and federal government requirements to support IT Security and Privacy compliance.• Lead execution of ATO and POA&M activities at the site, developing all supporting documentation to demonstrate resolution.• Support vulnerability management and responds to vulnerability reports for applicability at the site, taking remedial actions.• Support implementation of Physical and Environmental as well as Personnel Security controls at the site.• Support other Assessment and Authorization activities.• Review Computer Security Plan and implement actions which accurately reflects the security protection measures for each unclassified information system.• Implement site procedures for marking, handling, controlling, removing, transporting, sanitizing, reusing, and destroying media/equipment containing unclassified information.• Work with Asset Managers and Facility Security personnel to monitoring changes to the unclassified system components, environment, and location, including temporary relocation to another unclassified area.• Serve as an informational resource to users for all I.T. and Physical security questions concerning site security.• Perform security debriefing on behalf of MAXIMUS.

· Assessed information security program based on NIST Cyber Security standards.· Developed a security roadmap designed to comply with HIPAA/HITECH and PCI DSS.· Responsible for securing MS 365 during and following implementation.· Implemented an internal vulnerability assessment and analysis program and remediation process.· Established a process for reviewing current and future vendor associations.· Leader of projects on third party risk assessments and remediation.· Supplemented and implemented security policies and procedures.· Implemented an internal Phishing Campaign with the goal of reducing the percentage of phishing incidents.· Developed user provisioning to streamline user access, transfer and termination processes resulting in fewer errors and increasing ROI.· Developing mature incident response plan and investigation processes.· Development and testing lead for incident response, business continuity and disaster recovery programs allowing for more expedient and organized response.· Responsible for security budget development.· Accountable for contract and BAA review and approval.

Design, implement and direct the enterprise Information Security program.Develop, implement, manage and test PCI, HIPAA privacy and security for enterprise facilitiesDesign and implement security structures and policies to support the data security needs of confidential systems and dataCollaborate with management to determine acceptable levels of risk for the enterpriseDirect the remediation of audit vulnerabilities/failures reported by internal or 3rd party security auditsDesign third party security agreements and direct their useDevelop, implement and oversee the Security Awareness programEvaluate and select security products, such as DLP, end point encryption, IAM, NIDS, HIDS, etc.

Design, implement and direct the enterprise Information Security program.Responsible for implementation, management and testing of enterprise security and compliance with SOX 404, HIPAA, and COBIT control objectivesDevelop, implement, manage and test HIPAA security compliance for enterprise facilitiesDesign and implement security structures and policies to support the data security needs of confidential systems and dataCollaborate with management to determine acceptable levels of risk for the enterpriseDirect the remediation of audit vulnerabilities/failures reported by internal audit or 3rd party auditsDesign third party security agreements and direct their useDesign, direct and review third party security assessmentsDevelop, implement and oversee the Security Awareness programEvaluate and direct the implementation of security products, such as DLP, ISAM, end point encryption, IAM, NIDS, HIDS, etc.