Security Compliance Lead
Herndon, VA

Job Description

The Company

Hitachi Vantara, a wholly owned subsidiary of Hitachi, Ltd., helps data-driven leaders use the value in their data to innovate intelligently and reach outcomes that matter for business and society - what we call a double bottom line. Only Hitachi Vantara combines 100+ years of experience in operational technology (OT) and 60+ years in IT to unlock the power of data from your business, your people and your machines. We help enterprises store, enrich, activate and monetize data for better customer experiences, new revenue streams and lower business costs.

The Role

Hitachi Vantara is seeking a Cybersecurity Compliance lead with previous experience supporting enterprise security services for public and private sector agencies. This role is responsible for identifying and assessing information technology and security risks within a broader enterprise risk management program.

The Compliance lead will leverage engineering, operational, and analyst team input, while providing thought leadership in assisting our partners, educational institutions, state, local, and government agency customers to enable them to move their workloads and heavily regulated data into the cloud. This will be done by addressing their specific security and compliance requirements. The cybersecurity compliance lead will develop high-level strategies to address overall risk to IT systems and customer data through recommendations to IT systems owners and management.

This candidate should be a technically experienced information security professional who can translate technical security solutions to address a wide range of IT security, privacy and compliance challenges. This Compliance lead will directly partner with customers in adapting their security control framework to enable them to move their sensitive workloads to the cloud environment.

This position requires significant hands-on experience with the compliance standards. The candidate will ensure that Assessment and Authorization processes are followed, and documentation is accurate and complete for all applicable compliance frameworks within the organization. The individual should have strong interpersonal skills and be willing to take initiative in a dynamic, client-facing environment.

Responsibilities

* Analyze and recommend solutions for information security related issues based on experience and security best practices for IT systems, services, applications and products
* Participate in public sector regulatory security assessments and authorizations with teams and customers. This includes determining control requirements, recommending and pursuing alternative approaches to assist customers in developing compliance roadmaps
* Partner directly with clients to review compliance documentation, requirements, and assist with the understanding of control implementations within the client's environment
* Work with clients to resolve concerns and to understand how compliance is achieved while operating IT in the cloud through delivery of training, deep dive discussions, strategic presentations/recommendations, and hands-on demonstrations of compliance in the environment
* Assist the Compliance Advisory team in determining the strategic direction of the program based on customer interaction and demonstrative metrics
* Be and remain connected with industry trends and events. Develop and maintain key business relationships with key industry personnel and policy makers
* Assist work of internal and external auditors of client advisors as needed
* Keep Compliance Advisory leadership team fully informed of customer engagement status, issues, and activities.
* Understand cloud-based engineering implementations and enterprise information system flow
* Support the deployment and integration of security and compliance related within a client's cloud infrastructure
* Provide proactive mitigation steps for infrastructure and application vulnerabilities and recommend compensating controls

Preferred Requirements

* Minimum 7 years of IT work, 5 years' experience in Security Engineering and assessment and authorization for public and private sector agencies
* Hands-on experience with the FISMA compliance standards and the ability to apply the NIST Risk Management Framework
* Understands how to utilize NIST and FedRAMP documentation including SP 800-30, SP 800-37, SP 800-53, SP 800-39, FIPS 199, FIPS 200, and OMB A-130.
* Experience in performing and/or participating in technical assessments in direct support of compliance efforts (such as DoD SRG, FISMA, FedRAMP, HIPAA, PCI, GxP)
* Experience in developing and reviewing system security plans, information security policies and procedures, contingency plans, incident response plans, etc.
* Experience in the review and advisement of continuous monitoring activities (POA&Ms, vulnerability management, incident response, significant change, etc.)
* Experience defining compliance roadmaps based on customer requirements, security documentation and ensuring that committed deliverables are on schedule.
* Familiarity with Cloud Computing models (IaaS, PaaS, SaaS)
* Understanding of Infrastructure, Platform and Application Layer Security implementation
* Familiarity with common security tools, MFA, Web services
* Excellent oral and written communication skills
* Ability to think critically and be responsive to time sensitive requests
* Bachelor's degree in Information systems, related discipline or equivalent experience
* US Persons categorization preferred.
* CISA, CISSP, CCSP, CISM, CAP or similar industry certifications preferred

We are an equal opportunity employer. All applicants will be considered for employment without attention to age, race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.