Role Description Lead security compliance and ATO activities for a major government healthcare organization's ServiceNow implementation. Ensure the solution meets FedRAMP High requirements and federal security standards. - Lead Authority to Operate (ATO) package development and submission - Coordinate FedRAMP compliance activities with ServiceNow as the CSP - Implement and document customer responsibility matrix controls - Conduct security assessments and vulnerability remediation - Ensure compliance with federal security policies and NIST 800-53 controls - Monitor and respond to security events and incidents - Develop and maintain security documentation including SSP, POA&M, and contingency plans - Coordinate with government ISSO and Security Operations Center Qualifications - 7+ years of information security experience, with 3+ years in federal environments - FedRAMP and federal ATO experience required - Experience with cloud security (AWS, Azure) and SaaS security models - Knowledge of NIST 800-53, FISMA, and federal security requirements Requirements - Bachelor’s degree in computer science or related field - CISSP, CISM, CISA or equivalent certification required Company Description Excentium is a Service-Disabled Veteran-Owned Small Business (SDVOSB) providing cybersecurity and IT services to federal agencies. We hold FedRAMP 3PAO accreditation, CMMC Level 2 certification, and maintain facility clearances supporting our mission-critical work across government. We take pride in building a workforce with strong Veterans focus.

Role Description We are seeking a visionary yet pragmatic Chief Information Security Officer (CISO) to build and own Nsight Health’s security and compliance function from the ground up. As we scale our AI-powered healthcare platform, we require a leader who views security not as a blocker, but as a competitive differentiator and a prerequisite for enterprise growth. Reporting directly to the COO, you will inherit an existing compliance team and a mandate to elevate our security posture. This is a "builder-operator" role: you will establish frameworks (CIS, SOC 2), mature existing HIPAA processes, and serve as a credible, forward-leaning partner to our AI-focused product and engineering teams. AI Fluency Requirement — Non-Negotiable Nsight Health is an AI-first organization. Every member of our leadership and operations team is expected to actively use AI tools in their day-to-day work — not as a novelty, but as a core productivity multiplier. This role requires genuine curiosity about AI, comfort experimenting with tools like Claude, ChatGPT, and workflow automation platforms, and the judgment to know when AI helps and when it doesn't. If AI makes you uncomfortable, this is not the right role. Key Responsibilities - Security Program Ownership: Build and continuously improve Nsight’s security policies and standards; establish a risk-based framework grounded in CIS Controls and maintain our security architecture across cloud and SaaS platforms. - Regulatory & Compliance Leadership: Own the end-to-end HIPAA/HITECH program; lead SOC 2 Type II certification efforts, embedding controls into daily workflows so compliance is continuous rather than an annual event. - AI Security & Innovation: Actively assess the security implications of our AI-forward stack (LLMs, agentic workflows, and automation); develop guardrails that balance rapid innovation with responsible risk management. - Vendor & Incident Management: Design and lead a robust vendor risk management program and own the enterprise incident response plan, including tabletop exercises and real-time incident management. - Team Leadership: Directly lead and mature the existing compliance function; partner with the VP of IT on internal systems security and foster a security-first culture that enhances, rather than hinders, productivity. The Impact You’ll Make - Strategic Trust: You will turn security into a sales accelerator by providing clear, jargon-free assurance to our enterprise customers and partners. - Scalable Governance: You’ll transition the company from "startup speed" to "enterprise-ready" by automating evidence collection and risk assessments. - AI Resilience: You will ensure our AI-first mission is built on a rock-solid foundation, identifying emerging AI-specific attack vectors before they impact the business. Qualifications - 8+ years of information security experience, with at least 3 years in a leadership role owning a security or compliance program. - Deep HIPAA/HITECH Expertise: Practical knowledge of operationalizing compliance in a SaaS healthcare environment. - SOC 2 Mastery: Hands-on experience achieving or maintaining SOC 2 Type II certification. - AI Fluency: Genuine enthusiasm for and professional experience using AI tools (ChatGPT, Claude, etc.) as a core productivity multiplier and a deep understanding of their security implications. - Incident Leadership: Demonstrated experience managing real-world security incidents and data breaches. Preferred - Certifications: CISSP, CISM, HCISPP, or equivalent. - Industry Background: Experience in healthcare SaaS, digital health, or value-based care technology. - Builder Mindset: Prior experience building a security function from scratch at a growth-stage or PE-backed company. - Technical Breadth: Familiarity with cloud security (AWS/GCP/Azure) and AI governance frameworks. Compensation & Benefits - Competitive base pay: $180,000 – $220,000 annually. - Additional Compensation: Bonus Eligible: Annual performance-based bonus (Company + Individual). - Benefits Include: - Unlimited PTO - Medical, Dental, Vision, and supplemental insurance options - 401(k) Plan with 3.5% Company Match - Company-provided equipment Join Our Mission-Driven Team At Nsight Health, you’ll be part of a fast-growing organization that sits at the intersection of healthcare, technology, and compassion. We’re looking for a CISO who cares deeply about protecting patient data while enabling the future of connected care. Our team culture is collaborative, agile, and purpose-driven. Every role—from clinical operations and customer success to marketing, technology, and leadership—directly contributes to improving how healthcare organizations care for their patients.

Role Description Sift Healthcare is seeking a Senior Cloud Security Engineer to join our growing team. The Senior Cloud Security Engineer will be responsible for designing, implementing, and maintaining secure cloud infrastructure, platforms, and applications for Sift and will work closely with cross-functional teams to identify and mitigate risks, develop and implement cloud security strategies, and ensure compliance with regulatory requirements. - Cloud Security Engineering: Design, develop, and implement cloud-based infrastructure and programs, including identity and access management, configuration management, and security monitoring. - Cloud Security Architecture: Design and implement secure cloud architectures. - Security Operations: Lead the secure operations of cloud infrastructure, platforms, and software, including installation, maintenance, and improvement of cloud computing environments. - Threat Modeling and Risk Assessment: Analyze and identify potential security threats, assess risks, and develop mitigation strategies to ensure the security and integrity of cloud-based systems. - Compliance and Governance: Ensure compliance with regulatory requirements (e.g., HIPAA, Fed/StateRAMP, GDPR) and organizational policies, and develop and maintain cloud security governance frameworks. - Collaboration and Communication: Partner with architects, engineers, and data scientists to develop and implement AI/ML and cloud security strategies. - Continuous Improvement: Identify areas for improvement to enhance visibility, detective capabilities, and risk reduction. Qualifications - 8+ years of relevant Cyber Security experience. - Strong understanding of cloud security frameworks, regulations, and standards (e.g., NIST, ISO 27001). - Experience with cloud security tools and technologies (e.g., AWS IAM, AWS Control Tower, GuardDuty, Macie, CNAPP, CWPP, SIEM). - Excellent communication and collaboration skills, with the ability to work with technical and non-technical stakeholders. - Highly organized and motivated, with the ability to deliver results with minimal direction. Requirements - Cloud certifications (e.g., AWS Certified Security). - Experience with DevOps and automation tools (e.g., Terraform, Ansible, GitHub Actions). - Knowledge of scripting languages (e.g., Python, Bash, R, Jupyter Notebook, PowerShell). - Familiarity with Agile development methodologies. - Healthcare experience. Compensation Compensation will be based on skills, experience, and performance. Company Description Sift is a data science company working to improve payments operations and outcomes in the healthcare industry. We are a growing and dynamic team that is serious about AI. Based in Milwaukee, Wisconsin, Sift is thriving and looking for motivated team members who will help shape our culture. Sift offers competitive salaries and benefits. Learn more about Sift at www.sifthealthcare.com .

Role Description cFocus Software seeks a Sr. Cybersecurity Engineer / Architect to join our program supporting the National Institutes of Health (NIH). This position is remote and requires a Public Trust clearance. - Lead security engineering and architecture activities - Implement NIST 800-53 controls - Advise development teams on secure SDLC practices - Support incident response analysis - Implement security controls and network protections - Design, review, and implement secure architectures supporting hybrid scientific and IT environments across NCATS infrastructure - Provide technical leadership on security engineering solutions supporting secure system development and infrastructure modernization - Ensure architectures align with NIST SP 800‑53, NIST SP 800‑37, NIST SP 800‑160, FISMA, and NIH security policies - Integrate security engineering practices across the system development lifecycle (SDLC) using DevSecOps and security‑by‑design principles - Provide technical cybersecurity consulting to developers, engineers, and project stakeholders implementing NIST SP 800‑53 Rev. 5 security and privacy controls throughout system development - Participate in architecture discussions, sprint reviews, and design reviews to ensure security requirements are integrated into system design and implementation - Map system functionality to applicable security controls and develop control baselines aligned with system FIPS‑199 categorizations - Provide implementation guidance on encryption, identity management, logging, secure API management, and other security technologies - Assist with development of RMF artifacts including SSPs, SAPs, SARs, POA&Ms, Continuous Monitoring Strategies, and PIAs - Serve as a technical lead supporting incident response coordination, analysis, and remediation across NCATS systems - Coordinate with NCATS IT teams, security stakeholders, and the NIH Cyber Security Operations team - Perform incident triage, containment, analysis, escalation, and remediation activities - Conduct forensic analysis, malware review, and technical investigations supporting incident response activities - Develop incident reports documenting root cause, impact, remediation steps, and lessons learned - Support system authorization and assessment readiness activities for NCATS information systems - Conduct pre‑assessment reviews and security control validation to prepare systems for compliance with federal security requirements - Develop and maintain Authority to Operate (ATO) documentation and supporting artifacts - Support FedRAMP authorization activities where applicable - Assist with independent security assessments and remediation of identified vulnerabilities - Provide engineering support for network security architecture and firewall management across the NCATS environment - Design and maintain network segmentation strategies and security zones based on risk and sensitivity - Implement firewall rules based on least privilege and default‑deny principles - Conduct firewall configuration management, rule validation, and change control - Validate logging configurations across network devices to support federal logging and monitoring requirements Qualifications - Bachelor’s degree in Computer Science, Cyber Security, or related field - 10+ years of cybersecurity engineering or security architecture experience - Experience designing and implementing security controls in federal or regulated environments - Security architecture and engineering practices - NIST Risk Management Framework (RMF) - NIST SP 800‑53 security controls - FISMA compliance - Security authorization / ATO processes - Incident response and threat analysis - Network security architecture and firewall management