Information Security Engineer II

Job Objective:

A brief overview of the position.
Safeguards EMCs computer systems, network, and data. Develops, implements, and monitors security controls to protect sensitive data and prevent unauthorized access.

Reports to
Chief Information Security Officer (CISO)

Supervises
N/A

Ages of Patients

Blood Borne Pathogens
Minimal/No Potential

Qualifications
Education
Required: Bachelor's degree in information security, cybersecurity, information technology, computer science or an additional four (4) years of applicable experience in lieu of bachelor's degree

Licensure/Certification
Required: One (1) of the following certifications: CISSP, CASP CE, CSSLP, ISSAP or ISSEP
Preferred: HCISPP or similar healthcare related certification

Experience
Required: Five (5) years of experience in a technical security focused IT role such as systems administration, systems engineering, cloud security, network administration, information security engineer or nine (9) years of experience in lieu of bachelor's degree
Preferred: Experience working within a regulated enterprise environment and with the creation of architecture, process, and procedural documentation; experience with compliance audits and risk assessments

Essential Responsibilities
1. Demonstrates compliance with Code of Conduct and compliance policies, and takes action to resolve compliance questions or concerns and report suspected violations.
2. Supports and implements Eisenhower Medical Center's (EMC) information security strategy.
3. Develops technical mapping of security strategy to security controls.
4. Develops and performs security risk assessments and compliance audits.
5. Develops and manages resilient threat intelligence and vulnerability management processes.
6. Develops security requirements plans for projects and technical review board.
7. Develops, implements, and documents secure configuration standards for hardware and software solutions.
8. Leads Incident Response efforts as a subject matter expert on cybersecurity.
9. Creates, documents, and implements information security procedures, workflows, and architectures.
10. Implements and tests security controls to mitigate risk to an acceptable level and achieve desired outcomes.
11. Recommends security controls and corrective actions for identified risks and vulnerabilities.
12. Monitors threat intelligence and vulnerability feeds to assess and communicate emerging risk to EMC stakeholders.
13. Ensures ongoing compliance with state and federal regulatory requirements.
14. Collaborates with workforce members to ensure security requirements are implemented and followed.
15. Provides feedback to leadership on security related policies and creates aligned procedures.
16. Recommends, implements, and manages information security applications and tools.
17. Assists with employee security awareness training and mentorship program to promote a culture of security within the organization.
18. Performs other duties as assigned.