eGain customer engagement solutions deliver digital transformation for leading brands – powered by virtual assistance, AI, knowledge, and analytics. Our comprehensive suite of applications helps clients deliver memorable, digital-first customer experiences in an omnichannel world. To find out more about eGain, visit https://www.egain.com.
POSITION: CLOUD SECURITY AND COMPLIANCE SPECIALIST
Location: Sunnyvale, CA
Experience: 10+ years
Job description
We are currently looking for a Cloud Security and Compliance Specialist to be a part of our Information Security team in Sunnyvale, California.
Responsibilities
- Management and execution of eGain’s compliance programs for SOX, SOC, ISO, HIPAA, HITRUST, FedRAMP, PCI, IL2, GDPR, CCPA and other data privacy regulations
- Review, develop, execute, and maintain security policies and procedures for compliance
- Create and maintain security documents, including System Security Plan (SSP), risk assessments, compliance documents, whitepapers, sales artifacts, etc.
- Daily monitoring of security infrastructure, security logs, and tools
- Incident management and response
- Maintain and optimize security monitoring and alerting systems
- Review and influence the system and product architecture, and provide security-related recommendations
- Execute risk assessments and internal audits
- Respond and communicate with internal teams, customers, and prospects worldwide on information security questionnaires and inquiries
- Work with external auditors on regulatory and compliance program audits and assessments
- Track findings and work with internal and external teams on mitigation and remediation
- Align and consult on information security policies and procedures with key stakeholders including Sales, IT, Legal, Finance, Product, Engineering, and customers
Must-have qualifications
- 10+ years’ experience in an information security-related role, such as security analyst or security auditor
- 5 years’ experience conducting security control assessments or audits
- Bachelor’s degree in Information Systems, Information Technology, Computer Science (or professional experience working in Enterprise IT) or equivalent experience
- Professional security management certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar certification
- Deeply familiar with HITRUST, BAA, Sarbanes-Oxley (SOX), NIST Cybersecurity Framework, FIPS, FISMA, ISO 27000 security standards, PCI, SOC2, FedRAMP and data protection regulations and requirements
- Experience with SIEM tools, methodologies, and best practices
- Experience with firewall, IPS/IDS tools, OWASP, FIM, DLP, Application Control, PAM (privileged access management), vulnerability scanning tools and log analysis, and other infrastructure security tools
- Experience with risk management methodologies and frameworks
- Experience with and proven methods for managing the information security incident lifecycle, including incident response, mitigation, post-action reporting, and mapping a path forward
- Comfortable with ambiguity
- Able to work efficiently with cross-functional teams and manage numerous projects simultaneously under deadline pressure with minimal guidance
- Strong analytical, communication (verbal and written), and project management skills
Nice-to-have
- US government cybersecurity work experience is desirable
- US government clearance
- Working knowledge of standard Unix infrastructure tools/protocols (DHCP, DNS, NTP, SYSLOG, SSH, IPSec, etc.)
- Basic cross-functional understanding of network engineering concepts and protocols (e.g., TCP, UDP, SSL, SSH, VLAN, etc.)
- Familiarity with AWS and Azure security models
To apply
Send your resume and cover letter in MS Word to vsingh@egain.com, and include the position in the subject line of the email.