Security Compliance Advisor

Great companies need great teams to propel their operations. Join the group that solves business challenges and enhances the way we work and grow. Working at Gainwell carries its rewards. You’ll have an incredible opportunity to grow your career in a company that values your contributions and puts a premium on work flexibility, learning, and career development. 

Summary

Gainwell is the leading provider of technology solutions that are vital to the administration and operations of health and human services programs. Gainwell is a new company with over 50 years of proven experience, a reputation for service excellence and unparalleled industry expertise. Gainwell, with more than 10,000 employees, will support clients across 42 U.S. states and territories with offerings including Medicaid Management Information Systems (MMIS), fiscal agent services, program integrity, care management, immunization registry and eligibility services.

At Gainwell, it’s easy to see the positive impact of what we do. The passion you bring to your career ultimately benefits the lives improved by services we provide to our clients. We encourage you to challenge yourself, learn and grow in a company that thrives on innovation. We go beyond entering new arenas to shaping markets with transformational experiences that redefine our business. The difference is clear.

Your role in our mission

• Designs audits of computer systems to ensure they are operating securely, and that data is protected from both internal and external attack. Makes recommendations for preventive measures as necessary.
• Assesses assigned system to determine system security status. Designs and recommends security policies and procedures to implement; ensures compliance to policies and procedures.
• Designs training materials for computer security and awareness programs.
• Evaluates highly complex security systems according to industry best practices to safeguard internal information systems and databases.
• Defines and reviews security requirements and subsequently reviews complex systems to determine if they have been designed and established to comply with established standards.
• Leads investigations of security violations and breaches and recommends solutions; prepares reports on intrusions as necessary and provides analysis summary to management.
• Responds to more complex queries and request for computer security information and reports from both internal and external customers.
• Provides technical consultation on highly complex tasks; may assist and/or provide limited direction to lower-level technical personnel.
• Provides product recommendations of security packages to customers; Reviews vendor products and makes recommendations as appropriate. Conducts cost analyses to determine feasibility of new products for clients.

What we're looking for

• Bachelor's degree in computer science, management information systems, or related field preferred.
• Nine or more years of experience in computer science, management information systems, or data security experience.
• Professional certification in compliance or security certifications (e.g., CISM, CISA, CRCM, CISSP).
• Expert level experience with the IT risk management (IT general controls, application controls, IT infrastructure controls) and controls frameworks (NIST 800-53,HIPAA, AICPA Trust Services Criteria) for compliance and assurance activities.
• Experience with IT controls over cloud platforms (AWS, Azure), operating systems (Windows, UNIX, Linux).
• Expert level experience supporting SOC 2 audits and/or NIST 800-53 and creating Plan of Action and Milestones (POAM).
• Understanding Governance, Risk and Compliance (GRC) solutions, preferably experience with ServiceNow Integrated Risk Management (IRM).
• Strong experience in drafting implementation statements and creating System Security Plans (SSP).
• Experience working with government agencies, preferably HHS (Health and Human Services).
• Project Management experience and ability to motivate teams to meet deadlines.
• Experience with MS PowerPoint and ability to present to senior leadership.

What you should expect in this role

• This opportunity is remote, based in the U.S, with up to 20% travel annually.
•  Alaska Standard Time work hours are required.

The deadline to submit applications for this posting is April 25, 2025.

The pay range for this position is $90,900.00 - $129,900.00 per year, however, the base pay offered may vary depending on geographic region, internal equity, job-related knowledge, skills, and experience among other factors. Put your passion to work at Gainwell. You’ll have the opportunity to grow your career in a company that values work flexibility, learning, and career development. All salaried, full-time candidates are eligible for our generous, flexible vacation policy, a 401(k) employer match, comprehensive health benefits, and educational assistance. We also have a variety of leadership and technical development academies to help build your skills and capabilities.

We believe nothing is impossible when you bring together people who care deeply about making healthcare work better for everyone. Build your career with Gainwell, an industry leader. You’ll be joining a company where collaboration, innovation, and inclusion fuel our growth. Learn more about Gainwell at our company website and visit our Careers site for all available job role openings.

Gainwell Technologies is committed to a diverse, equitable, and inclusive workplace. We are proud to be an Equal Opportunity Employer, where all qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical condition), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We celebrate diversity and are dedicated to creating an inclusive environment for all employees.