Security Engineer - Information Technology
The Security Engineer 2 is responsible for establishing and maintaining the enterprise security programs to ensure information assets and technologies are adequately protected. The Security Engineer brings awareness to and trains ITS and other staff members in security matters. The Security Engineer identifies, develops, implements, and maintains processes across the enterprise to reduce information and information technology (IT) risks. The Security Engineer will respond to incidents, establish appropriate standards and controls, manage security technologies, and manage the establishment and implementation of ITS Security policies and procedures. 3-5 years of experience in the field or a related area with relevant certifications are required.
The Security Engineer needs to have expert analytical skills and maintain an in-depth knowledge of best practices to prevent a wide range of security threats. The Security Engineer must also be an excellent communicator, able to train and educate staff, and create Executive reports on various information security topics. The Security Engineer is responsible to design and enforce policies and procedures that protect Harbin Clinic’s computing infrastructure from all forms of security breaches. The Security Engineer will be responsible for identifying vulnerabilities and working with the entire ITS department to resolve them, ensuring that Harbin Clinic’s network and data remain secure.
The Security Engineer typically reports to the Engineering Manager. The Security Engineer may be required to give regular security and risk updates to the Executive Team and the Board of Managers.
Essential Job Functions
Job functions may include but will not be limited to the following:
- Manage the cybersecurity program systems;
- Perform regular Phishing campaigns and report results to management;
- Create and maintain an annual security questionnaire;
- Participates in disaster recovery and business continuity planning to assure security is maintained during all operations;
- Review and approve security policies, controls, and cyber incident response planning;
- Approve identity and access policies;
- Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities;
- Maintain a current understanding of the IT threat landscape for the industry;
- Ensure compliance with the changing laws and applicable regulations;
- Translate knowledge to the identification of risks and actionable plans to protect the business;
- Schedule and manage periodic security audits;
- Oversee identity and access management;
- Make sure that cybersecurity policies and procedures are kept current and communicated to all personnel and that compliance is enforced;
- Engage with all teams, employees, contractors, and vendors involved in ITS security;
- Provide advanced training and mentoring to security team members and ITS staff;
- Constantly update the cybersecurity strategy to leverage new technology and threat information;
- Maintain real-time analysis of immediate threats, and triage when something goes wrong;
- Establishes, manages, and performs vendor risk analysis for current, potential, and future 3rd-party partners
- Brief the executive team on status and risks, including taking the role of champion for the overall security strategy and necessary budget;
- Create and Communicate both quarterly and annual Harbin Information Security status reports along with best practices and risks;
- Create and maintain a regular, quarterly, security newsletter to be distributed to all Harbin Clinic staff and physicians.
- Other duties as assigned.
General Performance Requirements
- This position is a full-time position.
- This is a daytime 8 a.m. to 5 p.m. position but hours may vary.
- This position will not be remote.
- Limited weekend and after-hour work required.
- Effective company communication is required 24/7 (email/phone/etc.).
- On-call phone support is required.
- Limited travel will be required.
- Bachelor's degree in Computer Science, Information Security or related field preferred.
- Training and awareness of various Security and Privacy regulations within healthcare (HIPAA, PHI, etc.) strongly desired.
- 3-5 years in Information Technology Security role(s) within a healthcare environment required.
- Certifications in the related fields are strongly preferred.
- Healthcare Information Security and Privacy Practitioner (HCISPP) certification desired.
- Certified Information Systems Security Professional (CISSP) strongly desired.
- Certified Information Security Manager (CISM) strongly desired.
- Certified Ethical Hacker (CEH) a plus.
- Certified Cloud Security Professional (CCSP) a plus.
- Additional Healthcare Technology experience strongly preferred.