Sr Information Security Engineer - Health First, Full Time
Posted on Aug 12, 2019 by Health First
To be fully engaged in providing No Harm / Quality, Customer Experience, and Stewardship by architecting and implementing Confidentiality, Integrity and Availability solutions that support the delivery of highly reliable, customer centric, enterprise level services.The Senior Information Security Engineer will provide security expertise and consultative services to the enterprise. The engineer will perform risk assessments and recommend control selections to reduce risk to an acceptable business level. Planning, designing and managing enterprise information security initiatives in support of Confidentiality, Integrity and Availability and maintains information security policies, standards and processes, and applies in-depth knowledge of functional aspects of information systems security and compliance Primary Accountabilities Identify cost reduction opportunities. Drive operational efficiencies that improve profitability and customer satisfaction. Work with Health First Business units to define security controls to implement to bring about a reduced business risk, and such that appropriate budget strategies and options are available. Participate in a best-practice Information Security program to protect HF information assets, ensuring appropriate information security measures and disaster recovery processes are in place; coordinate and collaborate with the Enterprise IT Security team, other IT Teams and individual business units. Provide technical guidance for projects in the Health First project portfolio; provide risk adjusted control selection recommendations, manage risks and ensure organization achieves anticipated value; ensure Information Security initiatives are tied to strategic initiatives and key focus areas of the organization. Participates as a member of IT Computer Incident Response Teams (CIRT) in the event of an emergency security or non-security breach Create and maintain required documentation which at a minimum should include risk assessments and analysis, control listings, contacts lists, and risk acceptance documentation. Implement a continual improvement process based on the results of the exercises/tests. Assist in creating and maintaining KPIs, KRIs and dashboard to report the security risk status of business units to senior management Assess Health First's IT environment against industry best practices and benchmarks to determine the weaknesses and vulnerabilities of the information security infrastructure, implementing security measures to decrease exposure to attack and/or penetration.. Continuously identify and recommend opportunities to improve the patient/member experience Foster a consultative environment with the engaged business unitsQualification:
BS in Electrical Engineering, Computer Science, Software Engineering, Information Technology and/or equivalent discipline preferred
Five (5) years minimum experience in information security
Eight (8) year minimum experience in information technology
Professional certification in security related fields (CISA, GIAC, etc) - preferred (required within 1 year of hire)
Demonstrated understanding of networking protocols and topologies.
Knowledge of network security
Demonstrates excellent oral, written, and interpersonal communication skills.
Ability to relate to customer needs and concerns
Applies logic and sound reasoning to determine the facts and reveal root causes