Info Security Engineer I

DRISCOLL HEALTH PLAN

About The Position

Where compassion meets innovation and technology and our employees are family. Thank you for your interest in joining our team! Please review the job information below. JD Attached GENERAL PURPOSE OF JOB: Ensure the confidentiality, integrity and availability of Driscoll Health System information systems and assets. Participates in ongoing enforcement and monitoring activities related to security and privacy in compliance with organizational policy, regulatory requirements, federal and state laws, accreditation standards, and industry standards. The ideal candidate regularly exercises their critical thinking skills and has a perpetual drive to understand how things work. Additionally, the candidate will have an unyielding desire to use their continuously acquired knowledge in the field of information security to protect the safety and security of patients, the organization, and all associated assets. ESSENTIAL DUTIES AND RESPONSIBILITIES: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. This job description is not intended to be all-inclusive; employees will perform other reasonably related business duties as assigned by the immediate supervisor and/or hospital administration as required.

Responsibilities

Assist with planning, implementation, and maintenance of comprehensive enterprise-wide Information Security policies, strategies, and systems that protect the organization information systems in accordance with applicable laws, regulatory requirements, and industry standards.
Plan, implement, troubleshoot, and maintain the necessary technical systems, controls, policies, or procedures to protect information systems assets and data from intentional or inadvertent disruption, modification, disclosure, or destruction
Awareness training of the workforce on information security standards, policies and best practices
Installation and use of firewalls, data encryption and other security products and procedures
Conduct vulnerability scans and work with teams to prioritize mitigation/remediation efforts
Conduct penetration testing
Monitor networks and systems for security breaches, using software that detects intrusions and anomalous system behavior
Investigate security breaches
Lead incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage
Implement enterprise-class security systems for a production environment
Align standards, frameworks and security with overall business and technology strategy
Identify and communicate current and emerging security threats
Implement security architecture elements to mitigate threats as they emerge
Maintain relevant knowledge and skills of the following:
All systems required to implement, support, or maintain.
Regulatory and legal compliance requirements applicable by federal, state, and local law.
Advancements in information security, information systems technologies, and standards.
Adheres to hospital policies and procedures and demonstrates business practices and personal actions that are ethical and adhere to corporate compliance and integrity guidelines maintaining utmost level of confidentiality at all times.
Communicate or collaborate with external technology representatives, vendors, and support staff.
Communicate or collaborate with hospital staff, managers, and administration.
Performs other related work assignments as required.