IT Security Engineer III- GRC SME

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, Information Systems, or a related field. Equivalent professional experience may be considered in lieu of a degree.
• At least one active, industry-recognized cybersecurity or GRC-related certification, such as: Security+ / GSEC / SSCP / CRISC / CISA (acceptable if security-focused) Advanced or healthcare-relevant certifications, such as: CISSP, CRISC, CISM, HCISPP, GIAC
• Eight (8) or more years of combined IT and cybersecurity experience.
• Demonstrated experience leading or independently executing security initiatives.
• Hands-on experience supporting, securing, and documenting at least two enterprise applications or platforms.
• Experience performing risk assessments, control evaluations, or compliance activities.
• Experience collaborating with infrastructure, application, and operations teams.
• Strong working knowledge of information security governance, risk management, and compliance principles
• Demonstrated understanding of security frameworks and standards, including: HIPAA Security Rule NIST (800-53, 800-30, 800-61, 800-171) ISO 27001 (working knowledge) PCI-DSS
• Experience assessing and advising on technical and operational security controls.
• Familiarity with enterprise security domains, including: Endpoint security (EDR, anti-malware) Vulnerability management Network and application security Cloud security concepts
• Ability to translate technical risk into business and compliance impact.
• Proven leadership and project coordination skills in a matrixed environment.
• Strong written and verbal communication skills, including security documentation and executive-level reporting.
• Ability to mentor junior staff and contribute to team knowledge development.
• Familiarity with IT service management and project methodologies (e.g., ITIL, Agile, or Waterfall).

Responsibilities

• Execute cybersecurity risk assessments, control reviews, and governance activities across infrastructure, applications, cloud services, and medical technologies.
• Conduct cybersecurity and compliance assessments aligned with HIPAA Security and Privacy Rules, internal policies, and applicable regulatory and industry standards.
• Identify cybersecurity risks related to medical devices, applications, and systems, and provide actionable mitigation and remediation recommendations.
• Support internal and external audits, including coordination with Internal Audit, third-party assessors, and penetration testing teams.
• Participate in security reviews of new and existing systems to ensure security requirements are met prior to implementation.
• Lead or support cybersecurity incident response activities in coordination with cross-functional teams.
• Manage and contribute to multiple cybersecurity and GRC-related projects simultaneously.
• Design and implement comprehensive security controls incorporating emerging technologies and industry best practices.
• Mentor and train junior staff on cybersecurity tools, processes, and governance practices.

Benefits

• Incentive pay for select positions
• Opportunity for annual increases based on performance
• Career Pathways to Promote Professional Growth and Development
• Various Medical, Dental, Pet and Vision options
• Tuition Reimbursement
• Free Parking
• Wellness Program
• Savings Plan
• Health Savings Account Options
• Retirement Options with Company Match
• Paid Time Off and Holiday Pay
• Community Involvement Opportunities