Information Security Engineer

About The Position

Requirements

• 3+ years of relevant work experience in IT security in a complex enterprise environment, preferred.
• Demonstrated knowledge of information technology processes, risks, infrastructure, and information security.
• Experience with incident response and vulnerability management.
• Knowledge of Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH), and Payment Card Industry Data Security Standards (PCI DSS).
• Experience with information security assessments and audits.
• Strong written and verbal communication skills
• Effective collaboration with stakeholders across departments and affiliated organizations.
• Ability to analyze information system security design and recommended configuration.
• Detailed oriented.
• Ability to work effectively in a complex enterprise environment.

Nice To Haves

• Work experience in the healthcare information security field.
• Previous Health Information Technology (HIT) experience implementing controls to meet federal security and privacy regulations.
• Preferred expertise in security assessment methodologies.

Responsibilities

• Assist in the testing of the incident response plans to effectively address and mitigate security breaches or compliance violations.
• Assist in the testing of the business continuity plans and disaster recovery plan to effectively sustain business process and to effectively restore the operability of a system, application, or infrastructure to effectively restore the operability of a system, application, or infrastructure during and after a cyber incident disruption.
• Responding and resolving information security events and escalation.
• Evaluate and assess security technologies, tools, and solutions to determine their suitability and effectiveness in addressing the organization's security needs.
• Design cloud security strategies, and implement controls to protect data, applications, and infrastructure hosted in the cloud.
• In coordination with the information security team, design security architecture to protect an organization's entire IT infrastructure, including networks, systems, applications, and data that align with business objectives and compliance requirements.
• Maintain and monitor the cyber security risk register with the risks, risk ratings, risk mitigation strategies and action plans.
• Assist with data gathering and coordination with the various teams for audits and risk assessments.
• Monitor the training campaigns to demonstrate the effectiveness of the training program and improve phishing detection and response.
• Conduct vendor risk assessments to identify and document potential supplier cyber security risks, threats, and vulnerabilities for management approval.
• Develop a process for third-party compliance requests monitoring and tracking and ensure timely completion
• Collaborate with internal and external audit teams, providing documentation and evidence as needed to demonstrate compliance and adherence to the information security policies.
• Develop and maintain a cyber security framework continuous assessment process to provide assurances that the controls in place are operating effectively.
• Monitor remediation of the vulnerability assessment findings, including penetration test
• Collaborating with cross-functional teams
• Communicate security risks, issues, and recommendations to senior management and stakeholders.

Benefits

• Competitive base compensation
• Annual bonus potential
• Health benefits effective on start date
• Health & Wellness Program; up to $300 per quarter for your overall well-being available on start date
• 401K plan effective on the first of the month after your start date; 100% of up to 4% of your annual salary
• Unlimited (or generous) paid "Vytal Time", and 5 paid sick days after your first 90 days
• Company paid STD/LTD
• Technology setup
• Ability to help build a market leader in value-based healthcare at a rapidly growing organization