Security Officer

APPLICANT MUST BE A LEGAL RESIDENT OF THE STATE OF TENNESSEE (Minimum 60 days)

We are looking for a Security Officer to oversee our GRC (Governance, Risk, and Compliance) efforts, technical vulnerability management, and incident response. You will be responsible for maintaining our security posture across cloud and local systems while ensuring strict adherence to PCI, HIPAA, and internal data retention policies.The ideal candidate will have a demonstrable foundation in the security frameworks identified below.

Core Responsibilities

Compliance & Risk Management (GRC)

• Manage GRC Frameworks: Administer the Compliance Manager GRC tool to identify gaps and implement recommended security controls.
• Regulatory Oversight: Ensure continuous compliance with all applicable security standards; conduct annual reviews, complete compliance questionnaires, and review regular scans.
• Risk Assessment: Perform comprehensive risk assessments as required by regulatory bodies and internal stakeholders.
• Policy Enforcement: Document, maintain, and enforce data retention and security policies to align with company and legal requirements.

Vulnerability & Systems Security

• Vulnerability Remediation: Monitor Vulscan and other internal tools to identify, prioritize, and remediate security vulnerabilities.
• System Monitoring: Oversee Pulseway, Azure, and other internal systems; ensure all software updates and security patches are deployed promptly.
• Network Security: Actively monitor network traffic and security logs; implement architectural changes to harden the network against threats.
• Auditing: Conduct regular audits of security logs to identify anomalies or unauthorized access attempts.
• Manual processes: Perform supporting functions such as security scans, installing patches on production machines, assistance with the maintenance of office computer systems.

Incident Response & Documentation

• Incident Leadership: Serve as the Primary Point of Contact for all security incidents; lead the Incident Response Team from detection through recovery.
• Disaster Recovery: Create, maintain, and test Disaster Recovery (DR) procedures to ensure business continuity.
• Technical Documentation: Build and improve network diagrams, security procedures, and compliance logs to maintain an up-to-date knowledge base.
• Questionnaires: Act as the subject matter expert when responding to external security and vendor risk questionnaires.

Security Training & Culture

• Program Management: Maintain and implement the company-wide Security Awareness Training program using existing platforms.
• Compliance Tracking: Monitor employee training completion rates and provide recommendations for specialized training based on the current threat landscape.

Technical Skills Required

• Tools: Compliance Manager GRC, Vulscan, Pulseway, Microsoft Azure.
• Compliance Standards: CIS-18, HIPAA Security Rule, NIST SP 800-53 r5, NIST Cybersecurity Framework NIST Risk Management Framework, PCI-DSS
• Core Competencies: Incident Response, Network Documentation, Risk Assessment, and Policy Writing.

-------------------------

ADDITIONAL REQUIREMENTS

The successful candidate will consent to screening with the U.S. E-VERIFY System.

The successful candidate will consent to and pass a criminal background check.

The successful candidate will sign a non-disclosure, non-competition agreement.

---------------

EMPLOYMENT BENEFITS

8 Paid Holidays

Vacation 80 hours per year

PTO 16 Hours per year

Sick 32 Hours per year

------------------------

401k after a full one year of employment; the start date will be either Jan 1st or July 1st

Life , Short term and Long term disability: 30 day waiting period with insurance beginning the 1st day of the following month

Medical, dental and vision – 30 day waiting period with insurance beginning the 1st day of the following month

-------------------------

Enjoy our casual (but sensible) dress code.

--------------------------

Learn about what we do at
BE PREPARED TO TELL US WHAT YOU HAVE LEARNED FROM OUR WEBSITE

APPLICANT MUST BE A LEGAL RESIDENT OF THE STATE OF TENNESSEE (Minimum 60 days)

Job Type: Full-time

Pay: $45,000.00 per year

Benefits:

• 401(k)
• Dental insurance
• Health insurance
• Vision insurance

Application Question(s):

• Are you a legal resident of the state of Tennessee? (minimum 6 months)

Experience:

• Information security: 1 year (Required)

Work Location: In person