WebMD LLC

Sr. Security Engineer

WebMD LLC, Portland, Oregon, United States, 97204

WebMD is the most recognized and trusted brand of health information and the leading provider of health information services, serving consumers, physicians, healthcare professionals, employers and health plans through our public and private online portals and WebMD the Magazine. The WebMD Health Network includes WebMD, Medscape, MedicineNet, eMedicine, RxList, theheart.org and Medscape Education. Our consumer portals and mobile health applications provide engaging, relevant and credible health and wellness information, personalized health assessment tools and access to online communities.

WebMD is an Equal Opportunity/Affirmative Action employer and does not discriminate on the basis of race, ancestry, color, religion, sex, gender, age, marital status, sexual orientation, gender identity, national origin, medical condition, disability, veterans status, or any other basis protected by law.

About the role

The Security Compliance Engineer/Sr Engineer leads and assists with the day-to-day running of the cyber security compliance program. They must understand common security compliance frameworks (e.g. HIPAA, NIST, ISO, SOC2), systems, GRC tools, and Security Risk Management processes. The Sr SE will help mentor our team members by taking responsibility for the design, implementation, and maintenance of systems, and for proactively identifying and mitigating security risks across an organization's infrastructure and applications.

Responsibilities

Plans and leads policy and compliance development reviews; proposes security solutions and strategy changes

Leads and conducts security audits & assessments, collaborates to develop mitigation plans and monitors remediation efforts

Leads policy and compliance reviews and develops documentation updates

Builds procedures to standardize processes and ensures continuous improvement

Collaborates with product teams and developers to respond to security questionnaires as needed

Identifies blind spots in our security posture and recommends security strategy and tools/solutions

Works with legal, IT, product, and engineering teams to ensure alignment on security and compliance initiatives

Manages planning and implementation of security compliance solutions with minimal input from leadership while staying within approved project scope, schedule and budget

Promotes security awareness and best practices within the organization

Prepares reports for management and regulatory bodies

Exhibits strong business acumen, communication skills and customer-focused behaviors

Contributes to the creation of playbooks and standard operating procedures

Requirements

4-10 years of combined experience in GRC, Risk Management, Privacy

Possesses a broad set of both security and compliance skills based on industry frameworks

Experience managing security compliance programs such as SOC2 Type2, HIPAA, PCI

Experience with GRC tools such as OneTrust and Drata to identify risks, track remediations and build reports

Understanding of risk and control frameworks and ability to contextualize them for the business

Demonstrates strong problem-solving skills and is capable of working independently

Consistently contributes towards successes and drives team goals

Capable of filling in for leadership on a temporary basis

Security industry certifications are preferred but not required

Excellent oral, written and presentation skills

Ability to influence outcomes without direct authority

A proven track record of complex problem solving and cultivating strong collaboration across organizational boundaries

A reliable self-starter who makes sound, well-informed and objective decisions and works independently with the ability to manage complex situations and solve problems

Location

Portland, Oregon
