The Christ Hospital Health Network
The Christ Hospital Health Network, Cincinnati, Ohio, United States, 45208
Senior IT Security Vulnerability Management Engineer - CBO IT Security - Full-Time Days
The Security Professional supports the Information Security department’s goals and objectives by performing multiple technical or functional roles. Information Security’s goals and objectives are to develop information, computer, network, product, application and related business security policies, and mandate minimum security standards for The Christ Hospital Health Network (TCHHN) and its associated businesses and/or partners; facilitate or implement tasks or processes in support of security policies and standards; and assess compliance with such TCHHN Security policies. The security professional will actively promote awareness of these Security Policies and related security topics throughout TCHHN. Additionally, the security professional will act as a subject matter expert for the CISO and perform governance, risk management and compliance (GRC) as required.
Responsibilities
Tracks and manages information security risks and identifies information security vulnerabilities and facilitates required remediation activities.
Performs risk and security impact analysis to address compliance with applicable laws, regulations, requirements and to effect positive financial security investments.
Manages or facilitates compliance audits and/or investigations.
Designs and implements internal controls/standards & procedures that ensure compliance with security standards that meet existing regulatory security requirements.
Contributes to the development of policies and standards as needed to reflect evolving TCHHN needs.
Coordinates and conducts internal security audits to ensure the effectiveness of TCH’s security parameters.
Participates and advises in TCHHN risk programs.
Ensures the confidentiality, integrity and availability of current information systems and appropriately utilizes resources to protect data (HIPAA/HITECH/PCI/PII, etc.).
Implements commercially reasonable information security solutions in line with business goals and strategies.
Resolves operational conflicts that arise between projects and daily operations.
Manages stakeholder expectations, understands business priorities and communicates security approaches and/or requirements appropriately.
Implements approved service requests according to standard procedures.
Reviews change requests with information security impact and provides direction.
Executes changes in a controlled, organized manner following established change management processes.
Manages, monitors and executes security operational tools to include (but not limited to): Intrusion Prevention Systems/next generation firewall, Web Content Filter, Advanced Persistent Threat systems and analysis, Forensic toolsets, Advanced next generation anti-virus & malware toolsets, Email security virtual appliances, Logging/Monitoring/Incident Detection systems.
Monitors routine information security processes and tickets, manages information security incidents and problems to agreed service levels, and monitors KPIs on a continuous basis to ensure information security controls meet business needs.
Operations
Mentors security team members as assigned.
Establishes work standards, prioritizes and delivers on key initiatives.
Assists in the development of awareness training and communication programs to effectively communicate company security and privacy policies.
Fosters a service-oriented atmosphere of teamwork between the business and IT.
Maintains unquestionable integrity, credibility, business ethics and character.
Is self-directed, takes ownership & responsibility and ensures high-quality output.
Possesses outstanding communication skills with a demonstrated ability to connect with people on business needs, infrastructure issue resolution and projects.
Other Duties
Communicates with team members to convey risk related to specific lines of business within the Hospital that deal with legal, compliance, personnel security, public relations and other issues directly tied to security risk.
Performs project management functions as needed or required.
Stays current on HIPAA, HITECH, PCI and other relevant security regulations.
Performs other duties as necessary or assigned by the Chief Information Security Officer and Executive Management.
Qualifications
Knowledge and Skills (Required)
Information Security
Information Technology
Project Management
Business or Security Informatics
Audit & Assurance
Enterprise Risk Management
Additional Skills and Knowledge (Preferred)
Configuration Management
Change Management
Incident Management
Threat and Vulnerability Management
IT Security Management
Project Management
Experience and working knowledge of NIST 800-53 (current revision), risk frameworks and risk analysis
Experience implementing and monitoring Key Risk Indicators (KRIs) and continuous process improvement methodologies
Experience in healthcare information technology delivery processes
Business-aligned approach to IT strategy and operations
Thorough knowledge of multi-platform processing and health, availability and performance monitoring tools used for managing an IT infrastructure; including but not limited to: network components, distributed systems, storage area networks, security, asset configurations, applications, databases, etc.
Ability to manage several projects and tasks simultaneously
Excellent communication, presentation and documentation skills
Education
Bachelor of Science degree in a business/technical discipline.
Years of Experience
Five (5) or more years of related professional security experience.
Licenses & Certifications (Minimum)
CISSP*
CRISC**
CISA**
HCISSP or CHSP (or relevant healthcare security certification)**
Leadership and Impact
Customer Insight, Collaboration Across Businesses and Borders, Initiates and Leads Change, Accountable for Driving Results, Makes Timely and Informed Decisions, and Ability to Take Risks.
About Us
For more than 130 years, The Christ Hospital has been the beacon for exceptional healthcare in the Greater Cincinnati community. We're industry pioneers, always pushing the boundaries and reimagining the future of healthcare. Our culture promotes collaboration, diversity and innovation. Together, as a team, we work tirelessly to enhance healthcare quality, accessibility and safety.
Seniority level: Mid-Senior level. Employment type: Full-time.