Looking for a little more creativity, challenge, and growth opportunity in your workday? Didn’t think it was possible? Might be time to reconsider.
At Signature HealthCARE, our team members are permitted – no, encouraged – to employ their talents and abilities to solve problems. Our culture is built on three distinct pillars: Learning, Spirituality and Intra-preneurship. But this isn’t just hollow corporate sloganeering. Each pillar has its own staff and initiatives, ensuring that our unique culture permeates the entire organization.
The Manager of IT Security will work with leadership from all departments and directly with the CIO, other members of the IT department, and compliance personnel.
Successful candidates must be an expert in the current best practices and tools for protecting patient, company, employee, and end-user data, communications & systems.
The primary function of this position is to establish, administer and manage an information security program, cybersecurity systems, policies and procedures and advise senior management regarding risks to Signature HealthCARE due to implementation of technology used to operate the business. Given the nature of our lean team, we're looking for someone who can design and manage the program and is not afraid to roll up their sleeves and get to work. Advanced problem diagnosis and resolution required with a sharp focus on enterprise security analysis.
This role responds to computer security breaches, virus and malware infections, and cyber-securitythreats as well as implements company’s Information Security Management System security controls to protect enterprise data and networkinfrastructure.
Essential Duties & Responsibilities:
- Meet physical and sensory requirements stated below, and be able to work in the described environment.
- Identify and participate in process improvement initiatives that improve the customer experience, enhance work flow, and/or improve the work environment.
- Act as the primary security engineer to manage designated security platforms and services that protect the Signature HealthCARE environment, including firewalls, WAF, authentication services, network access control, and end point security solutions.
- Perform penetration testing, vulnerability assessments, and securityarchitecture reviews to help identify external threats and recommend methods for remediation.
- Collaborate with various IT and projects teams to provide technical and tactical ("hands-on") support within security-related areas to accommodate SLAs and deadlines.
- Assist with reviews of company projects and provide input on potential risks, threats, and appropriate solutions to meet information security requirements.
- Support the Change / Release Management processes through adequate vetting and testing of system changes and ensuring adequate documentation.
- Manage the following security systems:
- Internet Intrusion Detection and Protection systems
- Exchange administration EOP
- Antivirus including Kaspersky management and remedial actions
- ePO (Proofpoint) administration
- WAN Endpoint security and firewalls and proxies
- Internet Content filtering
- Log Monitoring systems for services and computers
- Internet content filtering, anti-virus and malware applications
- Email spam, virus and malware detection applications
- Log monitoring systems for servers and computers
- Desktop policy enforcement including SCCM
- Active Directory policy governance
- Security Incident and Event Management (SIEM)
- Vulnerability Management & Reporting
- Participates in maintaining company compliance with applicable federal and state laws and industry requirements, including, but not limited to, PCI, SOX, and HIPAA.
- Responsible for managing networksecurity breaches, providing containment solutions, communications to management, and developing stop-gap methodologies across the enterprise.
- Responsible for antivirus, patch management for IT Security Systems, application deployment, solution evaluation and proof-of-concepts (POCs).
- Work with all members of the IT team to maintain and update all IT controls, standard procedures, policies and enforcement of processes to enable compliance with regulatory requirements.
- Review all IT internal procedures to ensure compliance under HITECH and HIPAA policies (existing IT controls) and report findings to IT Leadership team.
- Other special projects and duties, as assigned.
- Bachelor’s degree in related IT field required and equivalent related work experience.
- 10 years of relevant experience.
- Highly preferred certifications: (1) VMware Certified Professional (VCP); (2) VMware Certified Advanced Professional (VCAP); (3) VCE Certified Converged Infrastructure Associate (VCE-CIA), (4) Cisco Certified Network Associate (CCNA); (5) Certified Information Systems Security Professional (CISSP); (6) Microsoft Certified Solutions Expert (MCSE); (7) Microsoft Certified IT Professional (MCITP)
- Cisco certifications in Wireless or Design a plus
- Strong understanding of security zones, DMZs and 3-Tier Architecture
- Strong understanding of LAN/WAN/ Cloud Hosting Networks including (VNET, MPLS, BGP, OSPF, VRF, QOS, Route Groups, VLAN, IPSec)
- Aruba Certified ClearPass Associate (AACA) and/or Aruba Certified Mobility Associate (ACMA), a plus
- Experience with networksecurity controls in a PCI, HIPAA or SOX regulated environment
- Experience with Azure Web Services networking services, including VPN, Direct Connect, VPCs, subnets, and security groups,a plus
- Understanding of Identity Management using Active Directory, SAML, ADFS, and OAUTH,a plus
- Must be motivated, disciplined and a self-starter