Senior Director, Incident Response and Security Engineering

About The Position

Requirements

• Demonstrated understanding and experience with information security vulnerabilities, threats, risks, security operations fundamentals, tasks, and best practices
• High quality and timely delivery of projects and operational initiatives
• Strong leadership, stakeholder management and program management skills
• Effective verbal, written and interpersonal communication skills
• Experience with implementing automation
• Awareness of industry standards and best practices such as NIST CSF and CIS
• Current knowledge of federal and state privacy and security laws and regulations, as well as industry best practices.
• Demonstrate competence in the areas of critical thinking and problem solving, interpersonal relationships, and technical skills
• Track record of collaboration and relationship building
• High level of professionalism, self-motivation, and sense of urgency who thrives in a fast-paced, dynamic environment
• Spoken and written fluency in English
• Bachelor's degree in Information Systems, Cybersecurity, Computer Science or related field
• Holds Certified Information System Security Professional (CISSP)
• 10 years’ experience in Information Security
• 5 years’ experience in leadership capacity

Nice To Haves

• Healthcare industry experience is preferred.

Responsibilities

• Manages security incidents and events, leading the investigation and containment of incidents, to protect company assets, including intellectual property, regulated data and the company's reputation.
• Partners with IT Leadership in the recovery from incidents, coordinate with law enforcement agencies at the direction of Legal, and develop the post-response strategy including lessons learned
• Oversees, actively test, and refine the incident response plan
• Partners with third party Incident Responders as needed
• Acts as liaison with Legal, Privacy, Compliance, HR, IT, Internal Audit, Business Development, Risk Management, and other internal stakeholders
• Evaluates new security threats and healthcare technology trends and develop related monitoring and alerting to identify new Indicators of Compromise
• Provides oversight, direction, and development opportunities to the Incident Response team to effectively respond to incidents
• Protects intellectual property, trade secrets, and other sensitive information from insider threats
• Conducts investigations at the direction of Legal and HR
• Defines and executes the Security Engineering roadmap as part of the Information Security roadmap
• Provides leadership in Security technologies and operations, vulnerability management, information security operations, and managed services delivery
• Provides oversight, direction, and development opportunities to the Security Engineering team to execute and deliver against the roadmap
• Leads operational support of Information Security technologies and infrastructure
• Deploys and leads security program(s) and related security enhancements using new and existing measures/technologies
• Responsible for the process of documenting and monitoring the secure configuration of technology assets that have configuration settings within the security baseline defined
• Oversees continuous monitoring and protection of company information systems, data, data centers, and cloud services
• Serves as a security resource to all levels including executive management, department staff, and external bodies, such as state agencies
• Reviews and recommends emerging security technologies and systems
• Identifies opportunities for automation to gain efficiencies and best utilization of team members
• Oversees operations of multiple third-party security vendors, to ensure alignment and compliance with security goals and SLAs
• Educates business leaders on appropriate security risk and mitigation strategies and approaches
• Manages the team members to include hiring, training, staff development, performance management and annual performance review
• Develops and grows team members, identify development needs, and provide skill building and cross-training opportunities for the team

Benefits

• With great compensation, comprehensive benefits, career development and advancement opportunities and so much more, our employees enjoy great work-life balance and opportunities to grow.