Job Description :
Description:
Top non-negotiable technical skills needed for a worker to hit the ground running:
2-4 years experience with application programming/scripting languages (C, C#, Go, Java, Perl, Power Shell)
2-3 years with Identity and Access Management (IAM) suites such as IBM Tivoli, CA IAM, SailPoint, RSA Aveksa, or Micro Focus/Novell
Desired Soft Skills:
Prioritization and communication skills
Key Functions:
The Information Security Engineer II is responsible for the operations and maintenance of enterprise information security controls.
Responsible for ensuring the appropriate operational security procedure is maintained for information systems, programs and data.
Maintains and assists in developing the processes and systems to effectively manage the operations of security systems throughout the enterprise.
Advises on security best practices, security strategy, security architecture, and security design work.
Works within the Security Operations & Engineering team that monitors and protects CHI systems from ongoing threats.
Enforces national policies, standards and procedures.
Implements new technologies and systems.
RESPONSIBILITIES:
§ Conduct routine information security procedures including, documentation, metrics reporting, change control, maintaining ticketing queues, etc.
§ Assists in the development, implementation, and day to day maintenance of IT security & control infrastructures.
§ Provides on staff consulting for security requirements in system development activities, policies, standards and procedures.
§ Supports the implementation and ongoing operations of access controls and user access rights as required.
§ Maintains knowledge of applicable IT security and governance laws, regulations, and policies that impact the health industry including HIPAA, HITECH, and PCI.
§ Work collaboratively with multidisciplinary teams to implement new technology, support existing, and at times do so after normal business hours.
§ Researches and recommends security solutions, products and Implements new security controls.
§ Centrally monitors critical systems and responds to security events according to procedure and experience.
§ Installs, configures, manages, and maintains mission critical security tools
§ Provides mentoring to staff as a means to develop job satisfaction and coordinates cross training opportunities with other technical support groups.
§ Support the CIRT team during a cyber incident as needed
§ Apply strategy and tactical responses in real-time in a high stress and changing environment.
§ Protects CHI data and maintains confidentiality, integrity and availability.
§ Participates in team on-call coverage rotation.
§ Provides technical support for day-to-day security operations, change management and business continuity programs.
SKILLS, REQUIREMENTS AND CERTIFICATIONS:
Bachelor of Science degree in related field (preference for CIS)
May substitute an equivalent combination of education and experience.
Candidate should have experience in one or more of the following disciplines: Single Sign on solutions (i.e. Imprivata, Caradigm, AD FS, Okta); Access Request/Governance; LDAP, Active Directory; Application Level Security
2-4 years experience with application programming/scripting languages (C, C#, Go, Java, Perl, Power Shell)
2-3 years with Identity and Access Management (IAM) suites such as IBM Tivoli, CA IAM, SailPoint, RSA Aveksa, or Micro Focus/Novell
2+ years of Implementation or IT operational experience with end user product. Healthcare environment preferred.
Relevant industry certification in security or information technology (CISSP, Security+, CIAM, CAMS, CCNA, CCNP or Vendor Certifications) preferred.
Strong skills and experience in the following:
o Security policies procedures and leading practices
o Risk management & mitigation
o Strong problem solving and analytical capabilities.
o Excellent written and verbal communication skills.
ADDITIONAL RESPONSIBILITIES:
· Collaborates with the information risk management and compliance groups to identify, prioritize and respond to risk components, develop security architecture, implement and maintain infrastructure in support of business strategy.
· Facilitates and reviews control and compliance initiatives, such as self-assessments, third party reviews and due diligence initiatives.
· Gathers information from multiple sources to enhance the operations of the security teams in assuring the overall mission.
· Adheres to and exhibits our core values:
· Reverence: Having a profound spirit of awe and respect for all creation, shaping relationships to self, to one another and to God and acknowledging that we hold in trust all that has been given to us.
· Integrity: Moral wholeness, soundness, uprightness, honesty and sincerity as a basis of trustworthiness.
· Compassion: Feeling with others, being one with others in their sorrows and joys, rooted in the sense of solidarity as members of the human community.
· Excellence: Outstanding achievement, merit, virtue; continually surpassing standards to achieve/maintain quality.
· Maintains confidentiality and protects sensitive data at all times.
· Adheres to organizational and department specific safety standards and guidelines.
· Works collaboratively and supports efforts of team members.
· Demonstrates exceptional customer service and interacts effectively with physicians, patients, residents, visitors, staff and the broader health care community.
· Provide technical environment assessment, complex technical analysis, workflow analysis, implementation planning, and hands-on technical implementation and configuration