Exempt/Non-Exempt
Exempt
Scheduled Hours Per Week
40
Myers and Stauffer LC is a certified public accounting and health and human services reimbursement consulting firm, specializing in audit, accounting, data management and consulting services to government-sponsored health and human services programs (primarily state Medicaid agencies, and the federal Center for Medicare & Medicaid Services). We have 45+ years of experience assisting our government clients with complex health care reimbursement and provider compliance issues, operate 20 offices and have over 900 associates nationwide.
At Myers and Stauffer, you will have a career that is rewarding while also supporting our state and federal government health and human services clients that focus on those in need. We are committed to providing our employees with professional growth and development opportunities, a diverse, dynamic, challenging work environment, and a strong and visionary leadership team.
What We Offer
- Health, Dental, and Vision insurance along with other competitive employee benefits
- Vacation time, sick time, paid holidays, and two floating holidays
- Paid Parental Leave and available support resources
- 401K with company matching for eligible employees
- Tuition reimbursement, referral bonuses, paid volunteer community service time, mentor program, and a variety of other employee programs and perks
- A combination of technical and leadership development training at each career milestone
- Up to six counseling sessions per year for eligible employees through our Employee Assistance Program
Position Overview
The Information Security Manager will support the protection of our information assets from intentional or unintentional disclosure, modification, destruction, or denial of access through the implementation of appropriate information security policies, standards, guidelines, and procedures. The Analyst’s primary role is to support our vulnerability and risk management programs and facilitate incident response procedures in a timely and accurate fashion.
The Information Security Analyst will conduct network and application vulnerability/risk assessments for the organization, participate in penetration testing and detection activities, and perform security incident response procedures utilizing internal and external resources. The analyst will assist with the implementation and enhancement of information security measures to safeguard our systems and information assets.
Essential Functions
- Perform audits, risk assessments, and vulnerability testing (internal, external, application, database, and firewall) to identify potential threats with appropriate remediation strategies.
- Identifies, investigates, and responds to potential threats, reported security violations/incidents.
- Conducts security audits, recommends, and implements corrective actions.
- Support the Vulnerability Management program to identify, communicate, and track vulnerabilities and patches for critical systems and devices.
- Support and manage threat detection solutions and processes including new deployments, maintenance, monitoring and investigation, and Security Operations Center team support.
- Support and assist with security endpoint and email solutions, system information and event management (SIEM), password vault, and network firewalls as needed with the focus on minimizing threats and exposure risks to MSLC.
- Recommend, pilot, and deploy additional security products and tools, or enhancements to existing tools, to detect violations of network security measures and malicious activities.
- Develop and implement, as required, the necessary monitoring and detection solutions to audit and enforce company policies, controls, and standards.
- Conduct research on emerging threats and mitigating security products, services, and standards to protect our systems, networks, and data.
- Assist with the development of security policy, awareness materials, presentations, and training sessions to ensure employee awareness of appropriate information security policies and controls.
- Assist in furthering the development of base line security configuration for systems, databases, networks, and applications
Preferred Qualifications
- CISSP, CISA, or equivalent certifications.
- Experience with network and application vulnerability management and assessment solutions.
- Knowledge of information security frameworks and standards including the NIST Cyber Security Framework, NIST SP 800-53 and ISO 27002 Information Security Control standards.
- Understanding of FISMA, StateRAMP, and FedRAMP.
- Experience with AICPA SOC1 type 2, SOC2 type 2 audits
- Experience with threat detection solutions and incident and breach response activities.
- Understanding of data protection requirements relating to personally identifiable information and protected health information.
- Knowledge of information security and computer network, application, and user access technologies including email security and encryption, multi-factor authentication, end-point security, anti-virus/anti-malware, and security log management.
Required Qualifications
- Bachelor’s degree or equivalent work experience required
- At least 6 years’ of related experience required
- Minimum 3 years’ of supervisory experience required
- Proficient knowledge of applicable infrastructure technologies
- Ability to execute and draft technical instructions, policies, and guidelines
- Ability to document daily control activities and system functions
- Ability to work independently and with cross-functional teams.
- Demonstrated ability to communicate verbally and in writing
- Ability to travel as required by business and on-call availability
The Team
Myers and Stauffer takes pride in the welcoming and collaborative culture we have throughout our offices. For this position, the employee will report to one of our Managers or Senior Managers on the Information Technology team.
Work Style
Our general business hours are Monday through Friday 8am-5pm, but can vary based on business needs. Dependent on performance, our in-office associates are eligible for a hybrid work schedule after their initial 90-day training period. As a company, we are always willing to discuss potential flexibility that an employee may need to better suit their work-life wellbeing.
Typical Interview Process
- Phone Screen with a Recruiter
- In person or remote interview with the hiring manager & team
- Hiring decision and job offer
REASONABLE ACCOMMODATION
If you are a qualified individual with a disability you may request reasonable accommodation if you are unable or limited in your ability to use or access this site as a result of your disability. You can request a reasonable accommodation by calling 844-558-1414 (toll free) or send an email to accom@cbiz.com .
EQUAL OPPORTUNITY EMPLOYER
CBIZ is an affirmative action-equal opportunity employer and reviews applications for employment without regard to the applicant’s race, color, religion, national origin, ancestry, age, gender, gender identity, marital status, military status, veteran status, sexual orientation, disability, or medical condition or any other reason prohibited by law. If you would like more information about your EEO rights as an applicant under the law, please visit these following pages EEO is the Law and EEO is the Law Supplement .
PAY TRANSPARENCY PROTECTION NOTIFICATION
Notice to Applicants and Associates of Affirmative Action Program
Notice to Third-Party Agencies
CBIZ does not accept unsolicited resumes from recruiters or agencies. Any staffing/employment agency, person or entity that submits an unsolicited resume to this site does so with the understanding that the applicant's resume will become the property of CBIZ. CBIZ will have the right to hire that applicant at its discretion and without any fee owed to submitting staffing/employment agency, person or entity.