Security Lead

At Commence we are the start of a new age of data-centric transformation elevating health outcomes and powering better more efficient process to program and patient health. We combine quality data-driven solutions that fuel answers technology that advances performance and clinical expertise that builds trust to create a more efficient path to quality care.

With human-centered healthcare-relevant and value-based solutions we create new possibilities with data. We provide proof beyond the concept and performance beyond the scope with a focus on efficiencies that transform the lives of those we serve. With a culture driven by purpose straightforward communication and clinical domain expertise Commence cuts straight to better care.

The Security Lead will establish and oversee the cybersecurity privacy and compliance posture for a CMS case management program. Youll serve as the primary security advisor to program leadership working closely with the Program Manager Solutions Architect Cloud Architect DevSecOps team and government security stakeholders to ensure security is embedded into every layer of the solution.

Key Responsibilities

• Lead the programs cybersecurity strategy and ensure compliance with CMS ARS FISMA HIPAA/HITECH NIST 800-53 and FedRAMP requirements
• Develop and maintain security plans policies and procedures aligned to federal standards
• Support Authority to Operate (ATO) activities and coordinate with government security officials and compliance auditors
• Manage Plan of Action and Milestones (POA&M) activities and maintain the program risk register
• Review and approve AWS cloud architecture designs ensuring secure implementation of cloud-native services and security controls
• Enforce IAM policies MFA encryption at rest and in transit network segmentation and Zero Trust principles
• Embed security controls into CI/CD pipelines and validate cloud configurations against security baselines
• Implement automated scanning for source code containers Kubernetes workloads Infrastructure as Code (IaC) and open-source dependencies
• Conduct security risk assessments and threat modeling; identify vulnerabilities and develop mitigation strategies
• Evaluate third-party and integration partner security risks
• Define data classification handling retention and destruction requirements to protect PII and PHI
• Review interoperability and data-sharing solutions for HIPAA privacy compliance
• Develop and maintain incident response procedures and support SIEM-based monitoring and alerting strategies
• Coordinate response activities for security incidents and vulnerabilities
• Participate in Architecture Review Boards (ARBs) and review application integration data and infrastructure designs for security gaps
• Ensure secure API and interoperability implementations across all integrated systems

Qualifications

• Bachelors degree in Cybersecurity Information Systems Computer Science or related field (Masters preferred)
• 10 years of cybersecurity experience including 5 years supporting federal government programs
• 5 years securing cloud-based solutions preferably AWS
• Experience supporting healthcare or CMS-related systems
• Experience with ATO processes and federal compliance frameworks
• Experience leading security teams in Agile and DevSecOps environments

Preferred Qualifications

• CISSP Certified Information Systems Security Professional
• CCSP Certified Cloud Security Professional
• AWS Certified Security Specialty
• Certified Information Security Manager (CISM)
• Certified Ethical Hacker (CEH)
• GIAC Security Certifications

*Commence headquarters are in Virginia Beach VA however we are open to remote candidates in the following states: AZ AR DE FL GA IL IN KS KY MA MD MI MS MO MT NC NE NV NY OH OK PA SC TN TX VA DC WI and WV*

Work Environment/Physical Demands

The work environment and physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

This is an office/remote position. While performing the duties of this job the employee regularly works in a climate-controlled environment. Candidates must be able to sit read work on a computer and watch a computer screen for extended periods of time. Occasionally required to stand walk use hands and fingers kneel or crouch.

Commence is an equal employment opportunity for employer. All personnel processes are merit-based and applied without discrimination on the basis of race color religion sex sexual orientation gender identity marital status age disability national or ethnic origin military and veteran status or any other characteristic protected by applicable law.

is committed to providing equal employment opportunities to all applicants including individuals with disabilities. If you require reasonable accommodation to participate in the application process due to a disability please contact Human Resources at or . Please note that unless you are requesting an accommodation all applications must be submitted through our online application system.