Acumen, LLC

Information Security: Compliance Analyst I

Acumen, LLC  •  Burlingame, CA (Onsite)  •  2 months ago

Job Description

THE COMPANY

Acumen, LLC provides government agencies with high-quality, impartial research and analytical tools to inform decision-making. The activities that we perform reflect the general principle that providers, policy makers, and public citizens should have the best available evidence upon which to base their choices.

THE TEAM

The Information Security team (InfoSec) is responsible for data governance, policy, and the combined set of tools, personnel, and processes that enable formalized risk management across the organization. We take a proactive, risk-based approach to security, systematically monitoring vulnerabilities in IT systems and applications to ensure they meet the highest standards of security and compliance. Our work ensures that security is not only maintained, but continuously improved in response to evolving threats.

The team is a collaborative group of Security Operations specialists, Compliance Analysts, and Government Risk and Compliance experts dedicated to protecting Acumen’s data, systems and users. We foster a supportive culture that emphasizes continuous learning and knowledge sharing, enabling our team to stay informed of emerging threats, tools, and best practices.

THE ROLE

As a critical part of the InfoSec team, the Compliance Analyst I will collaborate with business leads, application developers, and system and network engineers to apply security best practices and solutions. This role is essential to protecting proprietary information, sensitive healthcare data, and the overall network environment.

Moreover, the Compliance Analyst I supports Acumen’s risk management efforts by helping to ensure internal systems and processes align with internal policies and compliance requirements. This includes cross-team collaboration to remediate vulnerabilities swiftly.

The Compliance Analyst I reports to the Lead Information Security Administrator and works closely with internal teams to respond to vulnerabilities, strengthen our security posture, and maintain compliance standards.

WHAT YOU’LL DO

Auditing and Risk Management

  • Conduct assessments and gap analyses of compliance activities to support effectiveness indicators provided by government agencies
  • Conduct internal audits of the system environment and relevant policies and procedures
  • Collect information and evidence for external audits and client inquiries
  • Integrate auditing protocols into development cycles and assist with system architecture and design

Compliance and Knowledge Management

  • Implement and maintain applicable security and privacy regulatory and legal requirements in the company’s Information Security Program
  • Research and maintain understanding of policies, regulations & laws at the state and federal levels
  • Build understanding of security frameworks and standards for NIST, FedRAMP, FISMA, HIPAA, SOC2 and other relevant information security and privacy regulations
  • Contribute to the development and management of comprehensive documentation demonstrating continuous regulatory compliance effectiveness

Reporting

  • Contribute to briefings for senior management on the implications of changes to the company’s security & privacy policies, procedures, and processes
  • Contribute to internal policy recommendations for maintaining compliance
  • Develop reports and actionable information pertaining to risk and incident discovery and remediation technologies, techniques, and processes
  • Support the creation and delivery of annual Incident Response Tabletop Exercise and Contingency Plan Testing

A TYPICAL DAY

  • A core part of your day includes reviewing outputs from vulnerability scanning tools to identify, document, and track vulnerabilities and compliance deviations. You’ll work closely with cross-functional teams to ensure these issues are remediated in accordance with the Service Level Agreements (SLAs).
  • In the morning, you’ll join a recurring internal team meeting to update the team on the progress of ongoing security initiatives and action items.
  • Throughout the day, you’ll consistently monitor and engage with internal communication channels to stay informed and connected to the team.
  • In the afternoon, you’ll attend a meeting with employees from IT and Software Development teams to discuss progress on new security software. You’ll take meeting notes and track action items to disseminate to attendees.

WHO YOU ARE

    Qualifications required to be successful in the role:

    • You have a Bachelor’s degree in Computer Science, security, compliance, or related field
    • You have up to 2 years of experience working in the information security domain in a role supporting and managing security compliance
    • You are enthusiastic about learning the data security principles needed to implement security controls and oversee data security practices
    • You have excellent organizational, analytical, and problem-solving skills
    • You are energized by problem-solving. You’re able to maintain a level head when a curveball is thrown your way and you enjoy the challenge of connecting the dots and identifying what’s needed to resolve it.
    • You have reliable interpersonal, oral and written communication skills
    • You’re able to effectively collaborate with IT system architects, technical project teams, and high-level business managers
    • You are a self-starter and are able to take initiative to stay abreast of security developments and threats
    • You’re able to demonstrate adaptability, prioritize tasks, and meet deadlines in a fast-paced environment
    Qualifications Desired:

    • CISA or CISM certificate (in progress or completed)

Please note, this is an onsite position available in our Burlingame, CA or Los Angeles, CA offices. You will have the opportunity to indicate your office preference when completing the application.

Please upload all documents requested in the application. We are excited to review your application and look forward to seeing how you can contribute to our mission!

About Acumen, LLC

Acumen, LLC works to improve the information provided to policymakers who design and revise welfare, health, education, labor, and business programs at the national, state, and local levels. In conjunction with its affiliated nonprofit firm, the SPHERE Institute, Acumen offers practitioners a powerful policy analysis capability, providing specific, impartial advice and context for policy debates.

We are committed to the improvement of public policy through information management, and we have worked with several agencies to develop resources to build their internal databases and self-evaluation capacity. To supplement internal sources of information, our team has created and utilized all forms of administrative and survey data to produce outcomes relevant for both service providers and funding organizations.

Acumen members have experience conveying information and research findings to broad audiences of policymakers, program operators, and other stakeholders. With these interrelated goals and expertise, Acumen, LLC serves the interests of the public, government, business and the research community.

Industry: Government & Public Safety
Company Size: 501-1,000 employees
Headquarters: Burlingame, California
Year Founded: 1996