Description
Information Security EngineerPurpose of the Role PerCISSP Palonced development, implementation and assurance of technical security strateIPes ahealthcarebusiness
- Develops assurance of information security mechanisms and services throughout the Health System.
- Using expertise in security systems performs probes of the network, applications and devices to determine if security vulnerabilities exist or if security and access control policies have been violated.
- Provides advanced technical guidance in project implementation and security-based training
- Provides ITS solutions and services which ultimately contribute to patient safety and care
Essential Job Functions
Within established frameworks, participates in the development, implementation and assurance of technical security strategies, with little to no supervision. Considered an expert on IT security matters.
- Responsible for the established assurance of information security mechanisms and services throughout the enterprise.
- Works as part of a cross-functional team that manages a full spectrum of technology issues and problems providing security-based direction in technical standards, planning and strategy.
- Participates in the implementation of complex key security initiatives and global security parameters based upon the level of risk for all enterprise IT platforms and infrastructure.
- Provides internal consulting, internal analysis and security reviews to support project teams and business units in identifying secure solutions for attaining business goals and objectives.
- Remains current on potential business threats and is proactive in supporting new security policies and modifications to current security policies.
- Performs probes of the network, applications, and devices to determine if security vulnerabilities exit and if security and access control policies have been violated.
- Needs to be available for on-call duty when necessary.
Qualifications
- Bachelor's degree in computer science, information sciences, engineering, math or related field required; experience or alternative degree may be considered in lieu of required education.
- Minimum of 6 years experience in complex corporate systems environment with a wide variety of information management systems, networks and technologies.
- Minimum of 4 years of experience in enterprise security management, preferably in a healthcare setting.
- CISSP certification preferred with at least one other certification required: CNE, MCSE, GIAC or other engineer level industry standard certification.
- Advanced technical knowledge of network security systems, tools and utilities to include:
- Advanced knowledge of security and contingency planning concepts to include data integrity, authentication and authorization.
- Advanced knowledge of firewall topologies as applied to Internet/Intranet/Extranet deployment.
- Advanced knowledge of encryption, VPNs, network security architecture and protocols, intrusion testing methods, attack recognition and response systems, and business continuity planning and testing.
- Expert technical knowledge of security tools to include security scanning, anti-virus and IP Packet construction/de-construction algorithms.
- Advanced knowledge of the firewalls and security system configurations to include Cisco PIX, Palo Alto firewalls.
Extensive knowledge of biometric and multi-factor, strong authentication technologies. - Understanding of patient privacy (HIPAA) rules.