The Role: We're seeking a talented Information Security Manager to join our Corporate InfoSec department. At Grand Rounds, our business is saving lives, and we take it seriously. As the Security Manager, you’ll provide the technical leadership for the information security program that protects system boundaries, keeps computer systems and network devices hardened against attacks and secures sensitive patient and member data.
About Us: Grand Rounds’ vision is to create a path to great health and health care, for everyone, everywhere. Founded in 2011, the company provides an employer-based platform that delivers improved outcomes for patients and their families. It does this through an end-to-end solution that connects patients with care informed by the latest and best practices—preventing and correcting misdiagnoses and unnecessary or failed treatments. Named second among Glassdoor’s 2016 Best Places to Work, Grand Rounds helps restore individual health and quality of life, and offers employers lower health care spend and higher employee productivity.
- Serve as the central point of contact for infosec technology for the company and ensure that security is integral to strategic IT, business and technology decisions.
- Assist in the definition, design and implementation of defensive, detective and preventive processes, procedures, best practices and instrumentation around the perimeter of Grand Rounds systems and the related commercial offerings used to deliver our services.
- Work with the InfoSec team to design and implement information security defense architecture, solutions, tools and automation for the continuous protection of our corporate systems and information assets.
- Develop a state-of-the-art training program for product engineers in best practices for security testing. Provide feedback on the security components of product designs.
- Help identify, define and document the system security requirements and hardening standards for the infrastructure and application stack.
- Work with stakeholders to survey, identify and recommend best-fit solutions and lead their implementation where appropriate. Examples include but are not limited to: IDS/IPS, SIEM, HIDS, FIM, Vulnerability Scanners, Web Application Firewalls,Threat Monitoring and Detection.
- Internally manage security assessments on our internal and customer-facing systems.
- Perform security gap assessments and penetration tests, and generate comprehensive reports and recommendations on the security risks and vulnerabilities found. Act as the Incident Response Lead and perform security incident response and investigations in a timely manner.
- Partner with the Director of Compliance & Audit and collaborate on aligning security to audit and compliance requirements. Prepare and document relevant standard operating procedures.
- Prepare security metrics for the senior management.
- Perform maintenances after hours and in change windows, if needed.
- Participate in on-call rotation.
- Minimum 5 years of work experience as an Information Security Engineer, Technology Leader or Manager, preferably at companies with SaaS-based enterprise software products for the financial or healthcare industries.
- Current knowledge of commercial security product and service offerings in the marketplace.
- Awareness of and practice in the evaluation of cloud-based offerings such as Infrastructure as a Service and Software as a Service (IaaS and SaaS). Demonstrated technical knowledge of tools and methods for securing networks, applications, databases and operating systems.
- Hands-on experience in deploying and administering security tools and appliances - creating policies, tuning, log analysis, troubleshooting and diagnosing problems.
- Deep experience with all the components of a complete security solution: Security Information and Event Management; Threat Monitoring, Content Filtering and Response, File Integrity Monitoring; and Application Security Management etc.
- Familiarity with securing web-related technologies (web applications, web services, APIs, service-oriented architectures). Experience with manual or automated security assessment, vulnerability validation and/or penetration testing and security audits - SSAE 16 SOC 2 preferred.
- Expert knowledge of and prior experience with industry frameworks and standards such as HIPAA, PCI DSS, SOC 2 and ISO 27001.
- Thorough understanding of the current threat and attack landscape, latest security trends and principles.
- Security certifications in at least 2 of the following: CISSP, GSEC, CCSP, CEH, OSCP, CHFI, GIAC.
- Excellent communication skills and ability to document and explain technical details clearly and concisely.
- Ability to work cross-functionally across the enterprise, peering with relevant SMEs and groups to position for success. B.S. degree in Computer Science or a related field, or an equivalent combination of professional development training and experience.