Octagos Health
Information Security Compliance Specialist
Octagos Health, Houston, TX
Key Responsibilities:
Compliance Management:
Azure Security:
Endpoint Security:
Incident Management:
Training & Awareness:
Audit Preparation & Log Management:
Risk Assessment & Remediation:
Tooling:
Automation:
Documentation:
Qualifications:
Experience:
Compliance Management:
- Thorough knowledge of SOC 2, HIPAA, and NIST 800-53, with the ability to design, implement, and monitor processes to ensure ongoing compliance.
Azure Security:
- Strong expertise in securing Azure-hosted infrastructure, including configuring security controls for Azure servers, virtual networks, and storage.
- Knowledge of configuring and using Azure-native tools such as Azure Policy, Azure Security Center, Azure Key Vault, and Azure Monitor for protecting cloud assets.
Endpoint Security:
- Expertise in implementing and managing Endpoint Detection and Response (EDR) and other security solutions on workstations and servers to detect and respond to threats in real-time.
- Experience deploying, managing, and monitoring endpoint security across workstations used by employees, ensuring adherence to security best practices.
Incident Management:
- Ability to detect, respond to, and resolve potential security breaches, ensuring responses meet healthcare standards.
- Knowledge of how to handle data breaches, including forensic investigation, communication, and remediation, in accordance with HIPAA guidelines.
Training & Awareness:
- Experience designing and implementing phishing testing campaigns and security awareness training for employees.
Audit Preparation & Log Management:
- Ability to prepare for security and compliance audits by managing audit trails, implementing log retention, and using monitoring tools like Azure Monitor and third-party solutions.
Risk Assessment & Remediation:
- Experience conducting risk assessments and applying the appropriate security controls to mitigate risks per NIST 800-53 and HIPAA.
- Hands-on experience in proactively identifying potential vulnerabilities and remediating them across Azure-hosted infrastructure and endpoints.
Tooling:
- Proficiency in using security tools such as:
- Azure Security Center for threat detection and monitoring.
- Azure Sentinel for Security Information and Event Management (SIEM).
- Compliance management solutions for SOC 2 and HIPAA.
- Experience with phishing simulation tools and security awareness platforms to strengthen employee resilience to social engineering attacks.
Automation:
- Familiarity with automating security updates, patching, and monitoring using Azure Automation or other automation tools.
Documentation:
- Capability to document security policies, procedures, incident response plans, and compliance processes to maintain audit readiness.
Qualifications:
- Education: Bachelor's Degree in Computer Science, Information Security, or a related field
- Relevant Certifications such as CISSP, CISM, CISA or Certified HIPAA Professional (CHP)
- Certification in SOC 2 or NIST frameworks (e.g., CISA) is preferred.
- Certifications in cloud security, such as Microsoft Certified: Azure Security Engineer Associate, are a plus.
- Knowledge of Firewall/VPN configurations and Microsoft 365.
Experience:
- Minimum of 3-5 years of experience in a security or compliance role, preferably within a healthcare or SaaS environment.
- Proven experience maintaining SOC 2 and HIPAA compliance.
- Understanding of NIST 800-53 for managing risk and implementing security controls.
- Expertise in working with Azure security controls and configurations, particularly in securing cloud infrastructure.
- Familiarity with additional compliance frameworks such as HITRUST, ISO 27001, or GDPR is a plus.
- Experience with Identity and Access Management (IAM) systems (SSO, SAML, MFA) in healthcare environments is also a plus.