Information Security Program Lead at eSimplicity
Columbia, Maryland, United States
Full Time


Start Date

Immediate

Expiry Date

30 Jan, 26

Salary

0.0

Posted On

01 Nov, 25

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Information Security, Compliance, Agile Methodologies, Security Engineering, Vulnerability Management, Cloud Services, Incident Response, Security Documentation, Continuous Monitoring, Automation, Security Governance, Technical Leadership, Customer Service, Problem Solving, Analytical Skills, Communication Skills

Industry

IT Services and IT Consulting

Description
About Us:

eSimplicity is a modern digital services company that partners with government agencies to improve the lives and protect the well-being of all Americans, from veterans and service members to children, families, and seniors. Our engineers, designers, and strategists cut through complexity to create intuitive products and services that equip federal agencies with solutions to courageously transform today for a better tomorrow.

Overview:

We’re seeking an Information Security Program Lead responsible for taking the lead on implementing security tools and security tool usage, ensuring tools remain compliant and configured properly, and setting program policy, all while ensuring a successful program ATO. The Information Security Program Lead provides oversight and is the subject matter expert to lower-level security personnel. The Information Security Program Lead is responsible for monitoring, evaluating, and maintaining systems and procedures to safeguard internal information systems, networks, databases, and web-based assets.

Responsibilities:

Lead the security culture and practices across eSimplicity program(s), up to 15+ teams.
Lead the establishment, maintenance and optimization of security practices, compliance and engineering on the program while collaborating with the eSimplicity Rapid Innovation Center (RIC) to ensure consistent security practices.
Ensure program ATO compliance, achieving the highest levels of compliance while balancing program objectives and security requirements.
Collaborate with Agile teams to embed security requirements, acceptance criteria, and compliance checkpoints into all sprint planning and release cycles.
Lead continuous security validation efforts within CI/CD pipelines, integrating automated compliance, scanning, and policy enforcement.

Technical Leadership & Governance

Act as a hands-on security engineering and technical lead, providing direct oversight of remediation efforts, control implementation, and vulnerability management.
Serve as a governance champion and subject matter expert, ensuring compliance with federal security frameworks and maintaining all Authorization to Operate (ATO) requirements.
Provide architectural guidance and governance across Salesforce, AWS, and related cloud ecosystems, ensuring secure configuration and adherence to zero trust principles.

Incident Response & Stakeholder Liaison

Serve as the primary liaison for incident response, security inquiries, and compliance reporting to the federal agency and key stakeholders.
Create and manage communication channels for timely, accurate responses to security-related data calls, including system compliance status, vulnerability metrics, and scanning results.
Coordinate program responses to agency security inquiries, policy compliance, and audit activities.

Security Governance & Documentation

Oversee the creation and maintenance of security documentation, including System Security Plans (SSP), POA&Ms, Security Impact Analyses (SIA), and Continuous Monitoring artifacts.
Lead and document Security Impact Analyses for system changes and ensure results are communicated and implemented program-wide.
Ensure consistent application of security controls and continuous compliance validation across all environments.

Continuous Monitoring & Automation

Drive the automation of security processes across access control, vulnerability management, and compliance validation.
Continuously monitor and assess the cybersecurity posture of program systems to protect against evolving threats.
Direct the configuration, tuning, and optimization of security tools, dashboards, and guardrails to maximize efficiency and visibility.

Clearance and Security Posture Management

Manage end-to-end onboarding and offboarding security processes, ensuring timely provisioning, least-privilege enforcement, privileged account management, and periodic access reviews.
Maintain dashboards and automated reporting that provide leadership and teams with real-time visibility into risk, vulnerabilities, and compliance status.

Leadership & Business Enablement

Mentor and coach program teams on security best practices, embedding a culture of continuous security improvement.
Support business development activities, including proposal development, technical challenges, and client engagement, representing the organization’s cybersecurity capabilities.
Coach, direct, and mentor security staff on all aspects of security practice and culture while building a world-class security practice across eSimplicity program(s).
Other duties as assigned.

Requirements

Required Qualifications:

A Bachelor’s degree in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline. With 10 years of general information technology experience and at least four years of specialized experience, a degree is not required.
Expert in setting program-level security strategy (Privacy and Security Policies).
Understands continuous automated security practices applied to data and application engineering teams.
Expert in designing security “baked-in” to any architecture: Cloud and IaC, Applications, Web applications, Data Processing, Data-Centric Applications, AI/ML, CI/CD Pipelines; seeks automation-driven designs.
Experience with Agile methodologies.
Experience with Atlassian Jira/Confluence.
Experience with Security Information and Event Management (SIEM) systems.
Demonstrated work experience and conceptual expertise with the following: computer networking, cryptography, security engineering and architecture patterns, vulnerability assessments, or operating systems required.
Broad experience using cloud services, Linux systems, and development/data engineering core tools (GitHub, GitHub Actions, security tools, etc.).
Demonstrated working knowledge of vulnerability assessment and penetration testing tools.
Understands how to assess vulnerabilities and provide recommendations regardless of first-hand knowledge of the application or system.
Proven ability to work effectively both independently and in a team setting.
Ability to communicate technical information to a non-technical audience.
Must possess strong analytical and problem-solving abilities, and strong critical-thinking skills in complex communication environments.
Strong attention to detail.
Required to manage and follow through on multiple independent tasks and dependencies across intra- and inter-project teams.
Excellent organizational and time-management skills in a fast-paced environment.
Excellent customer service skills with the ability to deal tactfully, confidently, and ethically with both internal and external customers.
Expert in the Government Agency Security Assessment Process in support of maintaining and/or establishing an ATO and the appropriate boundary.
Experience with Centers for Medicare and Medicaid Services security practices or industry certification such as the CISSP, CEH, GIAC, etc.
A driven security/privacy policy and engineering SME with an interest in driving their own career and corporate strategy through the business development engagement process.
A passionate security and privacy leader who brings this passion to mentoring other security SMEs and promotes a security mindset across all engineering roles through continuous training engagements on and off the programs.
Proven experience establishing a multi-program strategy for security and best practices (policy, process and technology).
Excellent command of written and spoken English.
Ability to obtain and maintain a Public Trust; residing in the United States.

Desired Qualifications:

Experience working in the healthcare industry or a Government Agency: CMS.
Highly preferred industry certification such as the CISSP, CEH, GIAC, etc.

Working Environment:

eSimplicity supports a hybrid work environment operating within the Eastern time zone so we can work with and respond to our government clients. Expected hours are 9:00 AM to 5:00 PM Eastern unless otherwise directed by your manager. Occasional travel for training and project meetings; it is estimated to be less than 5% per year.

Benefits:

We offer highly competitive salaries and full healthcare benefits.

Equal Employment Opportunity:

eSimplicity is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, age, status as a protected veteran, sexual orientation, gender identity, or status as a qualified individual with a disability.
Responsibilities
The Information Security Program Lead is responsible for implementing security tools and ensuring compliance while leading security practices across multiple teams. This role also involves providing oversight, mentoring lower-level security personnel, and acting as a liaison for incident response and compliance reporting.