Information Security Engineer

Location: Aurora, IL
Date Posted: 04-03-2018
CareNational
Information Security Engineer – Managed Care
Aurora, IL (western suburb of Chicago)
  
Information Security Engineer Job Summary: 
  • Researches, evaluates, recommends, designs, implements and administers new or updated information security solutions
  • Creates and maintains information security architecture, policies, principles, and standards to help ensure compliance with business, regulatory and accreditation requirements (e.g., HIPAA, Utilization Review Accreditation Commission (URAC), and Payment Card Industry (PCI))
  • Participates in solution architecture design with internal and external resources; leads security efforts, assisting with the integration and initial implementation of solutions
  • Designs security solutions to mitigate threats where possible
  • Develops a common set of security tools; defines operational parameters for their use and conducts reviews of tool output; determines tool administration ownership roles with CIO
  • Develops and validates baseline security configurations for operating systems, applications, networking, and telecommunications equipment
  • Conducts and manages information security certifications, vulnerability analyses, and risk assessments; implements or oversees associated remediation activities
  • Oversees reviews of UHH security posture of third party vendors, service providers, and partners
  • Responds to, investigates and coordinates IT response to potential information security and privacy incidents including malware, intrusions and breaches
  • Conducts and manages security forensics activities when required, including oversight of third parties
  • Maintains security by monitoring and ensuring compliance to standards, policies and procedures
  • Leverages security toolset to monitor for abnormalities that could indicate a security compromise
  • Monitors and administers the current information security toolset (e.g., Security Event Information Management (SEIM) services)
  • Prepares system security reports through collection, analysis, and summarizing data and trends
  • Provides management reports highlighting information security program effectiveness, risk and vulnerability assessment findings, ongoing risk remediation efforts, and risk management recommendations
  • Develops dashboards and metrics to determine ongoing health and effectiveness of information security solutions
  • Partners with IT Network Engineering team to design network, cloud, business continuity and security solutions that best meet both UHH business and information risk management needs
  • Partners with HIPAA Privacy team to best ensure compliance to regulatory privacy requirements
  • Partners with IT, Privacy and Business teams to enhance, educate and promote the UHH security program
  • Collaborates on critical IT and organizational projects to help ensure security best practices are incorporated throughout the IT system and application development life cycles
  • Advises and promotes to IT system administrators the implementation of server and desktop hardening best practices
  • Performs other duties as assigned within the scope of responsibilities and requirements of the job
  • Performs Essential Job Functions and Duties with or without reasonable accommodation

Information Security Engineer Background:   
  • Bachelor of Science (B.S.) or Bachelor of Arts (B.A.) in Math, Statistics, Economics, Finance, Comp Sci, Engineering, or other technical field required; MBA or similar advanced degree strongly preferred
  • Requires certification in one or more relevant industry certifications (e.g. CISSP, CISM, CISA
  • 5 ~ 7 years minimum direct, hands-on technical information security and systems security design experience
  • Advanced knowledge and experience in creating and enforcing controls based on industry standard security and control frameworks such as CIS, NIST, COBIT 5, ISO 27002
  • 2 years of systems integration and operations experience preferred
  • Strong knowledge of current and emerging security threats
  • Working knowledge in Security Analysis, including the following domains:
    • Formal Threat Modeling
    • Knowledge of Web Application Risks and Fundamentals
    • Gap Assessment
    • Compensating Mitigations
  • Extensive experience managing Windows security, mobile device and endpoint security
  • Experience and working knowledge managing security for Mac OS X and Linux systems
  • Advanced knowledge of information security principles and practices, including security risk assessment standards, risk assessment methodologies, and vulnerability assessment
  • Experience with Network and Computer Forensics and Malware Analysis
  • Experience with Cloud computing services, architecture, security concerns, and risk mitigation strategies
Must Haves:  Cisco, Fortinet, load balancing, virtualization, professional demeanor - work with customers


#CNT
 
KARI HANNA
Division Vice President - I.T.
CareNational Healthcare Services
Kari@CareNational.com
480.681.0168 (CALL – TEXT – FAX)
CareNational.com
Sign-Up for Job Alerts
or
this job portal is powered by CATS