Information Security Engineer II

Overview

Pay range: $81,525 - $132,475 / year. Benefits and perks available for eligible positions include robust educational assistance programs, generous paid time off, employee assistance and wellness programs, paid parental leave, qualifying employer for the Public Service Loan Forgiveness (PSLF) Program, plus more.

To plan, design, enforce and audit security policies and procedures which safeguard the integrity of and access to enterprise systems, files, and data elements. To recognize and identify potential areas where existing data security policies and procedures require change, or where ones need to be developed, especially regarding future business expansion. To provide management with risk assessments and security briefings to advise them of critical issues that may affect customers, or corporate security objectives.

To evaluate and recommend security products, services and/or procedures to enhance productivity and effectiveness.

Bachelor's degree in Information Systems or a related field and three (3) years of related experience required. Work experience may substitute for education requirement.

One of the following certifications preferred:

• CISSP
• CRISC
• CISA

Experience with the items outlined below in a Healthcare setting preferred:

• IT Risk Management
• Performing risk assessments on vendors, departments, systems and facilities
• Working alongside business/system owners to remediate risk findings
• Administrating GRC system
• Following up with vendors where risk items have been identified for remediation
• Working with risk owners to document remediation plans and exceptions
• Mapping risk findings to common controls
• Compliance Management (HIPAA, PCI, URAC, Meaningful Use, etc.)
• Coordinating and assisting with PCI Self-Assessment Questionnaires
• Coordinating pen tests, risk assessment, compliance assessments, etc. with external assessors
• Assisting with the implementation of a cybersecurity framework and controls (NIST CSF, CIS top 20, etc.)
• Business Continuity
• Assist with implementation and ongoing management of Business Continuity program including collaboration and influencing of key cross-functional teams
• Document parent/child relationship of corporate assets and business processes
• Coordinate and monitor disaster recovery testing exercise events to ensure activities progress according to event plans, issues are logged, and status reporting is provided to stakeholders
• Assist with BCP/DR risk register, risk treatment, reporting process and runbooks
• Work with teams in operations, security, and IT to build security metric reporting and leadership dashboards
• Work with Business Units to document business processes and supporting infrastructure
• Assisting with development of crisis event response workflow, call trees and role responsibilities