Octagos Health
Information Security Compliance Specialist
Octagos Health, Houston, Texas, United States, 77246
Key Responsibilities:
Compliance Management:
Thorough knowledge of SOC 2, HIPAA, and NIST 800-53, with the ability to design, implement, and monitor processes to ensure ongoing compliance. Azure Security:
Strong expertise in securing Azure-hosted infrastructure, including configuring security controls for Azure servers, virtual networks, and storage. Knowledge of configuring and using Azure-native tools such as Azure Policy, Azure Security Center, Azure Key Vault, and Azure Monitor for protecting cloud assets. Endpoint Security:
Expertise in implementing and managing Endpoint Detection and Response (EDR) and other security solutions on workstations and servers to detect and respond to threats in real-time. Experience deploying, managing, and monitoring endpoint security across workstations used by employees, ensuring adherence to security best practices. Incident Management:
Ability to detect, respond to, and resolve potential security breaches, ensuring responses meet healthcare standards. Knowledge of how to handle data breaches, including forensic investigation, communication, and remediation, in accordance with HIPAA guidelines. Training & Awareness:
Experience designing and implementing phishing testing campaigns and security awareness training for employees. Audit Preparation & Log Management:
Ability to prepare for security and compliance audits by managing audit trails, implementing log retention, and using monitoring tools like Azure Monitor and third-party solutions. Risk Assessment & Remediation:
Experience conducting risk assessments and applying the appropriate security controls to mitigate risks per NIST 800-53 and HIPAA. Hands-on experience in proactively identifying potential vulnerabilities and remediating them across Azure-hosted infrastructure and endpoints. Tooling:
Proficiency in using security tools such as: Azure Security Center for threat detection and monitoring. Azure Sentinel for Security Information and Event Management (SIEM).
Compliance management solutions for SOC 2 and HIPAA. Experience with phishing simulation tools and security awareness platforms to strengthen employee resilience to social engineering attacks. Automation:
Familiarity with automating security updates, patching, and monitoring using Azure Automation or other automation tools. Documentation:
Capability to document security policies, procedures, incident response plans, and compliance processes to maintain audit readiness. Qualifications:
Education: Bachelor's Degree in Computer Science, Information Security, or a related field Relevant Certifications such as CISSP, CISM, CISA or Certified HIPAA Professional (CHP) Certification in SOC 2 or NIST frameworks (e.g., CISA) is preferred. Certifications in cloud security, such as Microsoft Certified: Azure Security Engineer Associate, are a plus. Knowledge of Firewall/VPN configurations and Microsoft 365. Experience:
Minimum of 3-5 years of experience in a security or compliance role, preferably within a healthcare or SaaS environment. Proven experience maintaining SOC 2 and HIPAA compliance. Understanding of NIST 800-53 for managing risk and implementing security controls. Expertise in working with Azure security controls and configurations, particularly in securing cloud infrastructure. Familiarity with additional compliance frameworks such as HITRUST, ISO 27001, or GDPR is a plus. Experience with Identity and Access Management (IAM) systems (SSO, SAML, MFA) in healthcare environments is also a plus.
Compliance Management:
Thorough knowledge of SOC 2, HIPAA, and NIST 800-53, with the ability to design, implement, and monitor processes to ensure ongoing compliance. Azure Security:
Strong expertise in securing Azure-hosted infrastructure, including configuring security controls for Azure servers, virtual networks, and storage. Knowledge of configuring and using Azure-native tools such as Azure Policy, Azure Security Center, Azure Key Vault, and Azure Monitor for protecting cloud assets. Endpoint Security:
Expertise in implementing and managing Endpoint Detection and Response (EDR) and other security solutions on workstations and servers to detect and respond to threats in real-time. Experience deploying, managing, and monitoring endpoint security across workstations used by employees, ensuring adherence to security best practices. Incident Management:
Ability to detect, respond to, and resolve potential security breaches, ensuring responses meet healthcare standards. Knowledge of how to handle data breaches, including forensic investigation, communication, and remediation, in accordance with HIPAA guidelines. Training & Awareness:
Experience designing and implementing phishing testing campaigns and security awareness training for employees. Audit Preparation & Log Management:
Ability to prepare for security and compliance audits by managing audit trails, implementing log retention, and using monitoring tools like Azure Monitor and third-party solutions. Risk Assessment & Remediation:
Experience conducting risk assessments and applying the appropriate security controls to mitigate risks per NIST 800-53 and HIPAA. Hands-on experience in proactively identifying potential vulnerabilities and remediating them across Azure-hosted infrastructure and endpoints. Tooling:
Proficiency in using security tools such as: Azure Security Center for threat detection and monitoring. Azure Sentinel for Security Information and Event Management (SIEM).
Compliance management solutions for SOC 2 and HIPAA. Experience with phishing simulation tools and security awareness platforms to strengthen employee resilience to social engineering attacks. Automation:
Familiarity with automating security updates, patching, and monitoring using Azure Automation or other automation tools. Documentation:
Capability to document security policies, procedures, incident response plans, and compliance processes to maintain audit readiness. Qualifications:
Education: Bachelor's Degree in Computer Science, Information Security, or a related field Relevant Certifications such as CISSP, CISM, CISA or Certified HIPAA Professional (CHP) Certification in SOC 2 or NIST frameworks (e.g., CISA) is preferred. Certifications in cloud security, such as Microsoft Certified: Azure Security Engineer Associate, are a plus. Knowledge of Firewall/VPN configurations and Microsoft 365. Experience:
Minimum of 3-5 years of experience in a security or compliance role, preferably within a healthcare or SaaS environment. Proven experience maintaining SOC 2 and HIPAA compliance. Understanding of NIST 800-53 for managing risk and implementing security controls. Expertise in working with Azure security controls and configurations, particularly in securing cloud infrastructure. Familiarity with additional compliance frameworks such as HITRUST, ISO 27001, or GDPR is a plus. Experience with Identity and Access Management (IAM) systems (SSO, SAML, MFA) in healthcare environments is also a plus.