Security Lead

At Commence, we are the start of a new age of data-centric transformation, elevating health outcomes and powering better, more efficient process to program and patient health. We combine quality data-driven solutions that fuel answers, technology that advances performance, and clinical expertise that builds trust to create a more efficient path to quality care.

With human-centered, healthcare-relevant, and value-based solutions, we create new possibilities with data. We provide proof beyond the concept and performance beyond the scope with a focus on efficiencies that transform the lives of those we serve. With a culture driven by purpose, straightforward communication and clinical domain expertise, Commence cuts straight to better care. 

The Security Lead will establish and oversee the cybersecurity, privacy, and compliance posture for a CMS case management program. You'll serve as the primary security advisor to program leadership, working closely with the Program Manager, Solutions Architect, Cloud Architect, DevSecOps team, and government security stakeholders to ensure security is embedded into every layer of the solution.

Key Responsibilities

• Lead the program's cybersecurity strategy and ensure compliance with CMS ARS, FISMA, HIPAA/HITECH, NIST 800-53, and FedRAMP requirements
• Develop and maintain security plans, policies, and procedures aligned to federal standards
• Support Authority to Operate (ATO) activities and coordinate with government security officials and compliance auditors
• Manage Plan of Action and Milestones (POA&M) activities and maintain the program risk register
• Review and approve AWS cloud architecture designs, ensuring secure implementation of cloud-native services and security controls
• Enforce IAM policies, MFA, encryption at rest and in transit, network segmentation, and Zero Trust principles
• Embed security controls into CI/CD pipelines and validate cloud configurations against security baselines
• Implement automated scanning for source code, containers, Kubernetes workloads, Infrastructure as Code (IaC), and open-source dependencies
• Conduct security risk assessments and threat modeling; identify vulnerabilities and develop mitigation strategies
• Evaluate third-party and integration partner security risks
• Define data classification, handling, retention, and destruction requirements to protect PII and PHI
• Review interoperability and data-sharing solutions for HIPAA privacy compliance
• Develop and maintain incident response procedures and support SIEM-based monitoring and alerting strategies
• Coordinate response activities for security incidents and vulnerabilities
• Participate in Architecture Review Boards (ARBs) and review application, integration, data, and infrastructure designs for security gaps
• Ensure secure API and interoperability implementations across all integrated systems

Qualifications

• Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or related field (Master's preferred)
• 10+ years of cybersecurity experience, including 5+ years supporting federal government programs
• 5+ years securing cloud-based solutions, preferably AWS
• Experience supporting healthcare or CMS-related systems
• Experience with ATO processes and federal compliance frameworks
• Experience leading security teams in Agile and DevSecOps environments

Preferred Qualifications

• CISSP – Certified Information Systems Security Professional 
• CCSP – Certified Cloud Security Professional 
• AWS Certified Security – Specialty 
• Certified Information Security Manager (CISM) 
• Certified Ethical Hacker (CEH) 
• GIAC Security Certifications 

*Commence' headquarters are in Virginia Beach, VA, however we are open to remote candidates in the following states:   AZ, AR, DE, FL, GA, IL, IN, KS, KY, MA, MD, MI, MS, MO, MT, NC, NE, NV, NY, OH, OK, PA, SC, TN, TX, VA, DC, WI, and WV* 

Work Environment/Physical Demands 

The work environment and physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. 

This is an office/remote position. While performing the duties of this job, the employee regularly works in a climate-controlled environment. Candidates must be able to sit, read, work on a computer, and watch a computer screen for extended periods of time. Occasionally required to stand, walk, use hands and fingers, kneel or crouch. 

Commence is an equal employment opportunity for employer. All personnel processes are merit-based and applied without discrimination on the basis of race, color, religion, sex, sexual orientation, gender identity, marital status, age, disability, national or ethnic origin, military and veteran status or any other characteristic protected by applicable law.  

Commence.AI is committed to providing equal employment opportunities to all applicants, including individuals with disabilities. If you require reasonable accommodation to participate in the application process due to a disability, please contact Human Resources at (757) 306-4920 or hr@commence.ai. Please note that unless you are requesting an accommodation, all applications must be submitted through our online application system.