Cybersecurity Specialist

CDC Foundation•Oklahoma City, OK

6d•Remote

About The Position

The Cybersecurity Specialist will play a crucial role in advancing the CDC Foundation's mission by safeguarding the digital assets, data, and systems of a public health organization from cyber threats and attacks. This role is aligned to the Workforce Acceleration Initiative (WAI). WAI is a federally funded CDC Foundation program with the goal of helping the nation’s public health agencies by providing them with the technology and data experts they need to accelerate their information system improvements. Working within Southern Plains Tribal Health Board and the Oklahoma Area Tribal Epidemiology Center, the Cybersecurity Specialist will develop security measures and protocols to protect computer systems and networks from unauthorized access, data breaches, and other cyber attacks. Survey current system vulnerabilities to identity infrastructure needs. Monitor system security, develop the protocol to manage encryption, perform routine vulnerability scans, and maintain compliance with HIPAA and federal security standards. Coordinate security training and incident response. Strong technical skills are required in areas such as network security, encryption, intrusion detection, and incident response, as well as knowledge of regulatory compliance requirements, are essential for this role. Additionally, excellent communication and collaboration skills are crucial for effectively liaising with partners and maintaining a proactive approach to cybersecurity. The Cybersecurity Specialist will be hired by the CDC Foundation and placed with the Southern Plains Tribal Health Board administrative team’s IT department. This position is eligible for a fully remote work arrangement for U.S. based candidates.

Requirements

Bachelor’s degree in computer science, information technology, cybersecurity, or a related field. Advanced degree or professional certifications (e.g., CISSP, CISM, CEH) is preferred.
Minimum 5 years of experience in cybersecurity roles, with specific experience in risk assessment, incident response, and policy development.
Knowledge of cybersecurity principles, technologies, and best practices, including network security, encryption, identity and access management, and security monitoring.
Knowledge and familiarity with relevant regulatory requirements and frameworks, such as HIPAA, GDPR, NIST Cybersecurity Framework, and ISO 27001.
Strong analytical skills and attention to detail, with the ability to assess complex security issues and develop effective solutions.
Excellent communication and interpersonal skills, with the ability to collaborate effectively with partners at all levels of the organization.
Ability to work independently and prioritize tasks in a fast-paced environment, while also functioning as part of a multidisciplinary team.
Ability to convey technical concepts to non-technical partners effectively.
Outstanding interpersonal and teamwork skills; collegial; energetic; and able to develop productive relationships with colleagues, partners, and partners.
Flexibility to adapt to evolving project requirements and priorities.
Demonstrated ability to work well independently and within teams.
Experience working in a virtual environment with remote partners and teams.
Proficiency in Microsoft Office.
Up to 10% domestic travel may be required.

Nice To Haves

EMR Cybersecurity (3 years of preferred experience).
Experience working with Tribal organizations/agencies.

Responsibilities

Perform security testing and analysis, including vulnerability assessment, code reviews, business logic exploit testing, and implementation of automated cloud-based security frameworks. Automate infrastructure security testing and penetration testing.
Identify, analyze and correct security related issues.
Utilize advanced tools and techniques to detect and analyze potential cybersecurity threats and vulnerabilities across the organization's network, systems and applications.
Monitor security events and alerts in real-time, investigate potential security incidents, and respond promptly to mitigate threats and minimize impact.
Conduct regular vulnerability assessments and penetration testing to identify weaknesses in the organization's infrastructure, prioritize remediation efforts, and ensure systems are adequately protected.
Collaborate with technical teams to design and implement robust security architectures that align with business goals and industry best practices, incorporating elements such as firewalls, intrusion detection systems and encryption.
Develop and maintain cybersecurity policies, procedures, and standards, ensuring compliance with relevant regulations and industry frameworks. Enforce security policies through education, training and regular audits.
Develop and maintain incident response plans and playbooks, outlining procedures for effectively responding to security incidents, including containment, eradication and recovery efforts.
Provide cybersecurity awareness training to employees, contractors, and other partners to promote a culture of security and empower individuals to recognize and respond to potential threats.
Conduct comprehensive risk assessments to identify and prioritize security risks to the organization's assets and data, collaborating with partners to develop and implement risk mitigation strategies.
Ensure compliance with relevant regulatory requirements, industry standards, and contractual obligations related to cybersecurity, maintaining documentation and evidence of compliance efforts.
Evaluate the security posture of third-party vendors and service providers, assessing their ability to protect sensitive data and mitigate security risks effectively.
Prepare and present regular reports on security incidents, trends, and metrics to senior management and partners, providing insights into the organization's security posture and areas for improvement.
Up to 10% travel may be required.