• Responsavel pelos temas de vulnerabilidades; • Aplicação de atualizações, inventários, suporte ao time de cybersegurança; • Propor melhorias de segurança, elencando prioridades e auxiliando equipes envolvidas ou atuando diretamente na implementação dos controles necessários; • Atuar em investigações, auditorias, projetos e avaliações de segurança da informação, acompanhar indicadores, requisitos, cases e tendências de mercado relacionados a aplicabilidade de normas, controles, leis e boas práticas; • Atuar na elaboração e revisão de políticas e procedimentos internos, comunicar nos canais internos; • Conduzir programas de conscientização de segurança da informação.

Role Description To perform this job, an individual must perform each essential function satisfactorily with or without a reasonable accommodation: - Contracting providers and essential vendors in current service areas to maintain CMS adequacy and providing necessary services in the care of the Plan members. - Insuring providers and essential vendors in current service areas meet the credentialing requirements for their appropriate service lines. - Educating providers on the Health Plan(s) functions and roles in caring for its membership. - Ongoing educational updates as prescribed by CMS and the Health Plan(s) policies. - Conducting education presentations of the Health Plan(s) providers to ensure their understanding and commitment with the Health Plan(s). - Monitoring, maintaining and supporting provider relationships to ensure network coverage in all areas. - Working with and being involved in implementation as needed. - Establishing a positive work environment that encourages participation in process improvement and commitment to department/company success. - Completing corporate assignments as assigned. Qualifications - Must have knowledge and familiarity with all levels of medical services and ability to rapidly develop working relationships. - Must be able to accept instructions and work independently in the completions of goals and assignments. - Must have strong negotiation, organization, presentation and time management skills. - Must be able to effectively communicate with all levels of medical staff to explain Health Plan(s) program, benefits and goals. - Must be able to work effectively in a team environment. - Excellent computer skills, including Microsoft Office Suite. - Must be self-motivated, dependable, team and goal-oriented. Requirements - Experience in the health care field required. - Prior experience in network development / network services is preferred. - Prior experience with acute and post-acute facilities is beneficial. - Prior experience with Medicare Advantage plans is helpful. - Bachelor’s degree. - Must be available to work 8 a.m. until 5 p.m. local time. - Position requires travel to network provider locations. - Teleworking is an option if criteria are met. Benefits - Affordable Medical/Dental/Vision insurance options. - Generous paid time-off program and paid holidays for full time staff. - TeleDoc 24/7/365 access to doctors. - Optional short- and long-term disability plans. - Employee Assistance Plan (EAP). - 401K retirement accounts. - Employee Referral Bonus Program. Company Description American Health Plans, a division of Franklin, Tennessee-based American Health Partners Inc., owns and operates Institutional Special Needs Plans (I-SNPs) for seniors who reside in long-term care facilities. In partnership with nursing home operators, these Medicare Advantage plans manage medical risk by improving patient care to reduce emergency room visits and avoidable hospitalizations.

Role Description The key responsibilities of the Information System Security Officer (ISSO) include: - Support implementation and enforcement of cybersecurity policies and controls in accordance with DoD RMF, NIST 800-53, and Air Force guidance - Maintain and monitor the security posture of assigned systems/enclaves, including cloud, on-premises, and hybrid environments - Develop, update, and maintain RMF documentation, including System Security Plans (SSPs), POA&Ms, security controls, and assessment artifacts - Support ATO lifecycle activities, including control implementation, validation, and continuous monitoring - Develop and maintain ATO/RMF documentation in accordance with specified policies - Evaluate and validate security controls for systems, applications, and integrations, including cloud and API-based architectures - Support incident response activities, including detection, reporting, and coordination with cybersecurity teams - Maintain records on systems, applications, hardware, etc. to include system upgrades - Provide support to the Information System Security Manager (ISSM) for maintaining the appropriate operational IA posture for a system/program/enclave Qualifications - 5+ years of experience in information system security, cybersecurity, or related roles - Bachelor’s degree in Computer Science, Cybersecurity, or comparable academic discipline - Must have or be willing to obtain Secret Clearance (this requires US Citizenship) - Ability to pass required background screening and drug testing - Experience with DoD RMF processes, including SSP development, control implementation, POA&M management, and ATO support - Knowledge of NIST 800-53 security controls and continuous monitoring practices - Experience performing security assessments and validating system compliance - Experience preparing and maintaining SSPs and other security related documentation - Familiarity with vulnerability management tools (e.g., ACAS, Tenable, or similar) - Understanding of cloud security principles (AWS/Azure, GovCloud, or similar environments) - Experience with system security in hybrid environments (cloud + on-premises) - Knowledge of networking and system integration security - Demonstrated experience performing day-to-day security operations of large, complicated information and information processing systems - Experience proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies, preferably on a large software or IT program - Understanding of Zero Trust concepts and identity/access management principles - Strong documentation skills, particularly for RMF artifacts and compliance reporting - Strong analytical, problem-solving, and organizational skills - Ability to work collaboratively across engineering, architecture, and cybersecurity teams - Must have excellent interpersonal skills - Security+ certification required (or higher DoD 8570/8140 equivalent) - Additional certifications (e.g., CySA+, CASP+, CISSP) are a plus - Experience supporting DoD or U.S. Air Force systems preferred Benefits - Market-competitive salary - Generous PTO package - Comprehensive medical, dental, vision, and life insurance plans - 401K - Short/long-term disability insurance - Fun and engaging culture - Training opportunities to keep you up to speed on the latest technologies

• Support and enhance First American’s existing data security processes, standards, and tools across the enterprise • Work with the Data Security team to reduce risk for the organization by securing data, classifying and labeling sensitive data, and applying encryption or other security controls • Drive initiatives like expanding the use of Microsoft 365 Information Protection (MIP) and Purview Data Loss Prevention (DLP) • Own and mature the data classification, sensitivity labeling, and data loss prevention (DLP) strategy • Support regulatory, audit, and risk management requirements • Drive continuous improvement of data security controls • Monitor, triage, and investigate alerts and cases; collaborate with HR, Legal, and Security Operations • Solve problems, research alternatives, prepare presentations, and drive solutions pertaining to data security • Analyze data and report trends & metrics to business partners • Assist with the creation, maintenance, and updates of data security process documents • Partner with business units and data stewards to support data security initiatives across the enterprise • Be a subject matter expert for questions from end users and business stakeholders on topics such as data security policies, standards, and business processes • Participate in evaluation and selection of new technology