Info Security & Cyber security Engineer I

Summary: The Information Security & Cybersecurity Engineer role develops, maintains, and coordinates the Organization’s information security activities in support of the Lifetime Healthcare Companies’ information security program. This position provides technical information security risk management and compliance services and support to the Organization’s lines of business and further provides information security consulting and support to all levels of the Organization’s management in support of the information security program. The cybersecurity disciplines range from Security Operations, Governance Risk and Compliance services, or Identity and Access Management. Essential Accountabilities: Level I Responsible for the design, implementation, and operation of Organization-wide security infrastructures. Evaluates and proposes new security solutions and advises and consults with the security manager and various levels of management regarding protection of computing resources and information assets. Assists in the maintenance and operational support for security technologies in defense against modern cybersecurity threats Delivers support for the Organization’s Information Security Framework and strives to improve maturity of the Information Security program in certain Framework domains. Respond to requests within defined SLAs relating to various information security systems, programs, and processes. Maintains risk management documentation to monitor lifecycle progress, track acceptance decisions, and catalog remediation actions. Utilizes automated Governance, Risk, and Compliance tools to track artifacts of the risk management lifecycle. Consults with information systems owners to categorize systems; select, implement, and assess controls; and frame, assess and monitor risk. Enforces information security policies, standards, and procedures by administering and monitoring security reports; investigates possible security exceptions. Delivers information risk management services for new and existing automation products and projects. Participates in rotation of 24/7/365 on call coverage. Assists in the execution of HIPAA, MAR, PCI, and COBIT compliance activities. Integrates security tools and appropriate controls into new and existing systems and applications. Assists in department self-audits, internal audits, external audit reviews, and risk assessments for the division and for end user departments. Participates in security assessment of supplier and vendors develops recommendations to improve security and mitigate security risks. Consistently demonstrates high standards of integrity by supporting the Lifetime Healthcare Companies’ mission and values, adhering to the Corporate Code of Conduct, and leading to the Lifetime Way values and beliefs. Maintains high regard for member privacy in accordance with the corporate privacy policies and procedures. Regular and reliable attendance is expected and required. Performs other functions as assigned by management. Level II (in addition to Level I Accountabilities) Keeps abreast of cyber threat landscape and evolving mitigation approaches and techniques. Performs as the Subject Matter Expert for at least one information security technology, processes, and practices internally to the Health Plan – including making recommendations relating to this technology. Provides technical expertise and support to security administrators on distributed systems security and implements automated solutions for security administration requests. Trains and provides technical support to Security Administrators and lower-level InfoSec & Cybersecurity Engineers on distributed system and application security. Provides consultation and facilitation support services to the Organization and its subsidiaries in information security matters and ensures compliance with the Organization’s information security policies and standards. Integrates security tools and appropriate controls into new systems and applications. Acts as a security consultant for Organization’s IT platforms, databases, middle-wares, and messaging systems (with oversight from a more senior analyst). Level III (in addition to Level II Accountabilities) Performs as the Subject Matter Expert for at least two information security technology, processes, and practices internally to Health Plan. Designs, develops, integrates, tests, evaluates, and maintains cybersecurity technology products. Researches, engineers, and integrates new security solutions with an emphasis on solutions that aligns with overall cybersecurity strategy. Performs cyber defense incident triage, including determining scope, urgency, and potential impact, and identifying the specific vulnerability. Provides security consulting to business partners to ensure solution designs are aligned with security principles and cybersecurity frameworks. Level IV (in addition to Level III Accountabilities) Acts as Team Leader amongst the group of engineers. Performs as the Subject Matter Expert for more than three information security technologies, processes, and practices internally to the Health Plan, and externally in the industry as a whole.