IT Security Vulnerability Management Engineer - CBO IT Security - Full Time - Days
- Req #: 11677
- Address: 2100 Sherman Ave
- City, State: Norwood, OH
- Zip: 45212
- Type: Full time
- Shift: Day
Job Description
The Security Professional supports the Information Security department's goals and objectives by performing multiple technical or functional roles. Information Security's goals and objectives are to develop information, computer, network, product, application and related business security policies, and mandate minimum security standards for The Christ Hospital Health Network (TCHHN) and its associated businesses and or partners; facilitate or implement tasks or processes in support of security policies and standards; and assess compliance with such TCHHN Security policies. The security professional will actively promote awareness of these Security Policies and related security topics throughout TCHHN. Additionally the security professional will act as a subject matter expert for the CISO and perform governance, risk management and compliance (GRC) as required.
Responsibilities
IT Infrastructure & Security Operations and Support:
• Ensures the confidentiality, integrity and availability of current information systems appropriately utilizes resources to protect data (HIPAA/HITECH/PCI/PII, etc.)
• Recommend, design, document, and where appropriate, implement reasonable information security solutions in line with business goals and strategie
• Resolves operational conflicts that arise between projects and daily operation
• Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs.
• Deploy and configure technology, partnering with IT Infrastructure teams and vendor product professional service partner
• Work with IT teams to perform tests and uncover vulnerabilities.
• Drive the selection, POC, implementation and operational deployment of new security technology solutions to ensure the confidentiality, integrity and availability of business data
• Assist in fixing detected vulnerabilities to maintain a high-security standard.
• Execute company-wide best practices for IT security.
• Perform penetration testing.
• Help colleagues install security software and understand information security management.
• Investigate security breaches and other cybersecurity incidents.
• Document security breaches and assess the damage they cause
• Execute changes in a controlled, organized manner following established change management processe
• Manage, monitor, execute security operational tools to include (but not limited to):
• Intrusion Prevention Systems/next generation firewall
• Web Content Filter
• Advanced Persistent Threat systems and analysi
• Forensic toolset
• Advanced next generation anti-virus & malware toolset
• Email security virtual appliance
• Logging/Monitoring/Incident Detection system
• Stays current on HIPAA, HITECH, PCI and other relevant security regulations
Performs other duties as necessary or assigned by the Chief Information Security Officer and Executive Management
Risk Management / Compliance / Governance
• Tracks and manages information security risks and identifies information security vulnerabilities and facilitates required remediation activitie
• Perform risk and security impact analysis to address compliance with applicable laws, regulations, requirements and to effect positive financial security investment
• Designs and implements internal controls/standards & procedures that ensure compliance with security standards that meet existing regulatory security requirement
Contributes to the development of policies and standards as needed to reflect evolving TCHHN need
Leadership:
• Manage stakeholder expectations, understand business priorities and communicate security approaches and or requirements appropriately Ability to establish work standards, prioritize and deliver on key initiative
• Assist in the development of awareness training and communication programs to effectively communicate company security and privacy policie
• Fosters a service-oriented atmosphere of teamwork between the business and IT
• Must be a professional of unquestionable integrity, credibility, business ethics and character
• Research security enhancements and make recommendations to management.
• Stay up-to-date on information technology trends and security standards.
• Must be self-directed, take ownership & responsibility and ensure high quality output
Outstanding communication skills with a demonstrated ability to connect with people on business needs, infrastructure issue resolution and project
Qualifications
KNOWLEDGE AND SKILLS:
In the sections below, please minimum education/training (degrees, certifications, and licenses) necessary to enter the job. Provide the minimum job-related, and industry experience necessary to enter the job. Be specific about what qualifications/skills are required to handle the responsibilities of the job.
EDUCATION: Bachelor of Science degree in business/technical discipline
YEARS OF EXPERIENCE: 3+ years of related professional security experience
REQUIRED SKILLS AND KNOWLEDGE: Candidates for this role should possess experience and knowledge in most all of the below mentioned skills in the specific duties and responsibilities section, of this job description, and be willing to commit to additional training as needed:
• Information Security
• Information Technology
• Project Management
• Business or Security Informatic
• Audit & Assurance
• Enterprise Risk Management
• Corporate Compliance
• Security Architecture/design strategy
• Compliance readiness assessments
LICENSES REGISTRATIONS &/or CERTIFICATIONS:
Other Credentials Required or Preferred: CISSP preferred
About Us
For more than 130 years, The Christ Hospital been the beacon for exceptional healthcare in the Greater Cincinnati community. We're industry pioneers, always pushing the boundaries and reimagining the future of healthcare.
Our culture promotes collaboration, diversity and innovation. Together, as a team, we work tirelessly to enhance healthcare quality, accessibility and safety.
The Security Professional supports the Information Security department's goals and objectives by performing multiple technical or functional roles. Information Security's goals and objectives are to develop information, computer, network, product, application and related business security policies, and mandate minimum security standards for The Christ Hospital Health Network (TCHHN) and its associated businesses and or partners; facilitate or implement tasks or processes in support of security policies and standards; and assess compliance with such TCHHN Security policies. The security professional will actively promote awareness of these Security Policies and related security topics throughout TCHHN. Additionally the security professional will act as a subject matter expert for the CISO and perform governance, risk management and compliance (GRC) as required.
Responsibilities
IT Infrastructure & Security Operations and Support:
• Ensures the confidentiality, integrity and availability of current information systems appropriately utilizes resources to protect data (HIPAA/HITECH/PCI/PII, etc.)
• Recommend, design, document, and where appropriate, implement reasonable information security solutions in line with business goals and strategie
• Resolves operational conflicts that arise between projects and daily operation
• Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs.
• Deploy and configure technology, partnering with IT Infrastructure teams and vendor product professional service partner
• Work with IT teams to perform tests and uncover vulnerabilities.
• Drive the selection, POC, implementation and operational deployment of new security technology solutions to ensure the confidentiality, integrity and availability of business data
• Assist in fixing detected vulnerabilities to maintain a high-security standard.
• Execute company-wide best practices for IT security.
• Perform penetration testing.
• Help colleagues install security software and understand information security management.
• Investigate security breaches and other cybersecurity incidents.
• Document security breaches and assess the damage they cause
• Execute changes in a controlled, organized manner following established change management processe
• Manage, monitor, execute security operational tools to include (but not limited to):
• Intrusion Prevention Systems/next generation firewall
• Web Content Filter
• Advanced Persistent Threat systems and analysi
• Forensic toolset
• Advanced next generation anti-virus & malware toolset
• Email security virtual appliance
• Logging/Monitoring/Incident Detection system
• Stays current on HIPAA, HITECH, PCI and other relevant security regulations
Performs other duties as necessary or assigned by the Chief Information Security Officer and Executive Management
Risk Management / Compliance / Governance
• Tracks and manages information security risks and identifies information security vulnerabilities and facilitates required remediation activitie
• Perform risk and security impact analysis to address compliance with applicable laws, regulations, requirements and to effect positive financial security investment
• Designs and implements internal controls/standards & procedures that ensure compliance with security standards that meet existing regulatory security requirement
Contributes to the development of policies and standards as needed to reflect evolving TCHHN need
Leadership:
• Manage stakeholder expectations, understand business priorities and communicate security approaches and or requirements appropriately Ability to establish work standards, prioritize and deliver on key initiative
• Assist in the development of awareness training and communication programs to effectively communicate company security and privacy policie
• Fosters a service-oriented atmosphere of teamwork between the business and IT
• Must be a professional of unquestionable integrity, credibility, business ethics and character
• Research security enhancements and make recommendations to management.
• Stay up-to-date on information technology trends and security standards.
• Must be self-directed, take ownership & responsibility and ensure high quality output
Outstanding communication skills with a demonstrated ability to connect with people on business needs, infrastructure issue resolution and project
Qualifications
KNOWLEDGE AND SKILLS:
In the sections below, please minimum education/training (degrees, certifications, and licenses) necessary to enter the job. Provide the minimum job-related, and industry experience necessary to enter the job. Be specific about what qualifications/skills are required to handle the responsibilities of the job.
EDUCATION: Bachelor of Science degree in business/technical discipline
YEARS OF EXPERIENCE: 3+ years of related professional security experience
REQUIRED SKILLS AND KNOWLEDGE: Candidates for this role should possess experience and knowledge in most all of the below mentioned skills in the specific duties and responsibilities section, of this job description, and be willing to commit to additional training as needed:
• Information Security
• Information Technology
• Project Management
• Business or Security Informatic
• Audit & Assurance
• Enterprise Risk Management
• Corporate Compliance
• Security Architecture/design strategy
• Compliance readiness assessments
LICENSES REGISTRATIONS &/or CERTIFICATIONS:
Other Credentials Required or Preferred: CISSP preferred
About Us
For more than 130 years, The Christ Hospital been the beacon for exceptional healthcare in the Greater Cincinnati community. We're industry pioneers, always pushing the boundaries and reimagining the future of healthcare.
Our culture promotes collaboration, diversity and innovation. Together, as a team, we work tirelessly to enhance healthcare quality, accessibility and safety.
