Job Title: Senior Information Security Risk Advisor, Healthcare SaaS
In this role you will be a risk security expert, responsible for securing enterprise information by determining information security risk requirements; planning, implementing, and testing security controls; and providing input on security standards, policies, and procedures. This role is hands-on and requires the ability to create and advise on security architecture. The role requires excellent communication and collaboration skills.
RESPONSIBILITIES/TASKS:
* Perform internal controls and information security risk assessments of existing or emerging technologies to identify inherent risk and evaluate key mitigating controls
* Gather documentation/technical information in support of audit requests and issue remediation efforts
* Provide direction to internal engineering and development teams that enable them to make informed risk management decisions
* Maintain strong working relationships with individuals and groups involved in managing information security risks across the organization.
* Participate in moderate to highly complex projects as they pertain to the organization's long-term information security strategy.
* Provide detailed risk and remediation guidelines, as well as perform remediation activities where applicable
* Participate in 3rd-party audits, assessments, and remediation activities
* Strong knowledge and understanding of network architecture, application design, systems engineering and integration
* Interpret business requirements and functional specifications to recommend and implement security requirements
* Act as a Subject Matter Expert in the discovery and investigation of critical security vulnerabilities as required
EDUCATION OR EQUIVALENT EXPERIENCE:
Bachelor's degree in Computer Science, Information Security, or equivalent. A relevant combination of education and experience may be considered in lieu of a degree. At least one of the following (or similar) professional security management certifications is required: CISA, CISM, CISSP, GIAC, etc.
EXPERIENCE:
10 years overall IT security experience, with 3 years of specific experience leading information security risk and governance teams, including transforming functions and changing culture (change management). In addition, candidates must show experience within classified networks, information classification, and confidentiality requirements associated with high security environments. Experience in information security program development and an understanding of ISO 27001/27002, NIST Cybersecurity Framework, COBIT, and ITIL are highly preferred, in addition to experience in reviewing healthcare-related information system technical controls for adherence to CMS (Centers for Medicare and Medicaid Services), including HIPAA-HITECH and HITRUST.
SKILLS/KNOWLEDGE/ABILITIES (SKA) REQUIRED:
Required Skills / Experience:
* Experience managing risk assessments on internal systems and external vendors
* Experience in architecture or security management with expertise in applying secure software development methods within system development lifecycle efforts
* Experience conducting security code review, threat modeling, or application penetration assessments
* Experience in software development concepts and methodologies
* Highly motivated, competitive, entrepreneurial and attracted to challenging opportunities
* Demonstrated ability to work in a fast-paced environment where organizational skills are essential
* Strong problem solving, analytical, interpersonal, and ownership skills
* Possess excellent collaboration skills with a wide variety of internal team members
* Self-starter with self-confidence, strong integrity, and accountability
* Ability to interact on a technical level with technical managers and development teams to articulate requirements and processes while collaborating on design options, implementation, testing and user acceptance.
* Experience with network and application security technical controls and common vulnerabilities.
* Ability to translate technical security concepts to business-oriented audiences
* Experience in interfacing with multiple information technology application and infrastructure development and support areas within an enterprise
* Demonstrated ability to develop metrics, perform critical analysis and develop executive decision support content.
* Strong project management experience
WORKING CONDITIONS:
Work is performed in an office setting with no unusual hazards. Minimal travel required.
The qualifications listed above are intended to represent the minimum education, experience, skills, knowledge and ability levels associated with performing the duties and responsibilities contained in this job description.
We are an Equal Opportunity Employer. Diversity is valued, and we will not tolerate discrimination or harassment in any form. Candidates for the position stated above are hired on an "at will" basis. Nothing herein is intended to create a contract.