Information Systems Security Officer I

🕒 March 26

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Bellese Technologies

WebsiteLinkedInAll Job Openings

51 - 200 employees

⚕️ Healthcare Insurance

Healthcare Insurance • Technology • Public Sector Service

Bellese Technologies is a company focused on improving the healthcare journey through civic innovation. They are not just a digital service provider, but a partner committed to supporting millions of Americans with civic tech solutions. The company prides itself on being accessible, transparent, and trusted, as evidenced by its recognition as one of the 'Top 20 Most Promising Tech Solution Providers for the Public Sector' by CIO Review Magazine. Bellese emphasizes service design, product management, data science, and software engineering, all with a focus on improving quality of care and price transparency in healthcare. Their work involves end-to-end discovery methods to create services and digital products that meet program, policy, and user needs. The company operates with a human-centered and innovative approach, ensuring their solutions are both practical and effective, especially in the public healthcare sector.

📋 Description

• (1) SIA Maintenance (Primary Focus): You will proactively identify system changes in HQR and QMARS and document them in a Security Impact Analysis (SIA) to ensure the ATO remains valid. • CFACTS Governance: You will serve as the "Source of Truth" for the system's security posture in CFACTS, managing control implementation statements and evidence. • Audit Defense & Evidence Gathering: You will lead the "Audit Season" efforts, gathering screenshots, logs, and process documentation to prove to CMS auditors that controls are "Effective." • Risk Advising: You will attend sprint ceremonies for HQR (50%) and QMARS (50%) to advise developers on CMS security standards before they build, preventing "security rework" later. • POA&M Life-cycle: You will track security weaknesses from discovery to remediation, ensuring the program meets CMS's strict 30/60/90-day patching windows. • Policy Stewardship: You will ensure all program documentation (Contingency Plans, Incident Response Plans) is reviewed and signed off annually per FISMA requirements.

🎯 Requirements

• At least 4 years of experience establishing security controls as outlined in the responsibilities section above. • Experience working with two or more from the following: web application development, unix/linux environments, distributed systems, machine learning, developing large scale systems and API services, security software development • Experience with one or more infrastructure scripting languages: Terraform, CloudFormation, Ansible, Chef or Puppet, Kubernetes • Experience implementing two or more cloud-based solutions: global infrastructure, virtual clouds, virtual computing, serverless computing, load balancing and networking, data storage and data streaming, hadoop, map reduce, secured REST-based API endpoints, security • Direct, hands-on experience with CFACTS. (This experience is only available if you hve worked with CMS (Centers for medicare & medicaid) • Proven ability to author Security Impact Analyses (SIA), System Security Plans (SSP), and Privacy Impact Assessments (PIA) specifically under NIST 800-53 Rev 5 and CMS ARS 5.0. • A&A Lifecycle: Experience taking a system through the Assessment & Authorization (A&A) process to achieve or maintain an ATO (Authority to Operate). • Vulnerability Management: Ability to interpret Tenable/Nessus or WebInspect scans to translate technical vulnerabilities into POA&Ms (Plan of Action and Milestones) that developers can understand. • Cloud-Native Compliance: Understanding of how to document security controls for AWS-native services

🏖️ Benefits

• Remote First, Remote Only Culture • Four weeks paid time off yearly (prorated based on start date for the first year) • 10 paid floating company holidays • Flexible schedule • Work from home setup including a Macbook • Collaborative, learning environment • Medical, dental, and company-paid vision insurance • Optional HSA account with some medical plans and a company contribution • Company paid basic life and AD&D insurance coverages • Company paid short and long term life insurance • Optional critical illness and accident insurance • 401K plan with 3% safe harbor contribution • Wellness resources and virtual care • Perks Plus employee discounts