Director of IT – Cybersecurity

The Director of IT-Cybersecurity is responsible for all policy and regulatory compliance for all current and future state technology initiatives for a fast-growing post-acute healthcare delivery organization.  This position reports directly to the CIO and partners closely with legal and compliance to align policy that protects the business and guides and supports our decision making as we evolve our technology stack and rationalize platforms.   

We are looking for a leader that works well within cross functional teams, and that can lead and drive accountability for a team and business partners across multiple geographies.   The leader will lead the delivery of end-to-end technology capabilities in support of operations.  Will act as an advisor to senior leadership, engineering, and security functions. In this role the successful candidate will guide technology and cybersecurity investment decisions and strategic operational shifts that pertain to technology and cybersecurity.

This person will establish and administer the overall strategies and procedures for the information security function. Focuses on protecting organization IT and data assets. Develops and implements solutions to identity, detect cybercrime, hacking, or inadvertent modification to data assets. Conducts risk audits and assessments to harden cyber security environment. Responsible for monitoring and analyzing system logs and incidents. Establishes procedures for responding and recovering from data breaches.

 

What you will do:

  • Develops overall IT cyber security strategy.
  • Defines and maintains cyber security architecture framework and process to enable

company to develop, implement, and measure security capabilities aligned with business,

technology, and threat drivers.

  • Develops strategies to address evolving threats to systems and data, including advanced

cyber-attacks, data exfiltration and leakage and information extortion, and defines

priorities for improvements to company's security posture.

  • Defines, implements, and maintains corporate security policies and procedures.
  • Monitors security vulnerabilities, threats, and events in network and host systems.
  • Develops strategies to handle security incidents and coordinates investigative activities.
  • Designs and implements education programs focused on user awareness and security

compliance.

  • Reviews, evaluates design, and operational effectiveness of cyber security controls and

countermeasures used to protect company applications, services, and solutions.

  • Reviews cyber security technologies, tools, and services and makes recommendations for

use based on security, financial, and operational criteria.

  • Builds and manages high performing multi-disciplinary cyber security team to support

company and role.

 

Qualification

  • 7 years required, 10 years preferred of significant developing and implementing cyber

security practices.

  • 7 years required, 10 years preferred of working with vendors to assess, procure, and

implement solutions.

  • 7 years required, 10 years preferred of senior level experience, including advising,

influencing, and developing solution architectures in global organizations with complex

Information System environments.

  • 7 years required, 10 years preferred of instituting new policies and procedures in large

organizations.

  • Highly technically competent with ability to assimilate new technologies and identify

where they can be applied to strategies, processes, and organization to support business

objectives

  • Robust in enforcing architecture disciplines and standards and persuasive in pushing

forward new and innovative technologies and methods

  • Ability to articulate complex solutions concisely and with clarity at senior management

level

  • Ability to identify, prioritize, and weigh different options and recommend a constructive

solution

  • Strong and effective communication skills and relationship building skills
  • Strong analytical skills with an ability to map business vision to strategy
  • Strong administrative, time management, prioritization, and multi-tasking skills

Education

  • Bachelor’s degree or related required. Masters degree preferred.

Cyber Security Engineer II

Job Details

Description

 

What this position does to contribute to the Company’s success 

  • Implement, administer, and document security solutions for the protection of the corporate data, systems, and networks.
  • Ensure system patching is maintained, providing support, and engaging as necessary to remediate any deficiencies
  • Work with network security engineers, systems administrators, and developers to implement security controls and processes.
  • Develop technical solutions and strategy to help mitigate security vulnerabilities and automate repeatable tasks
  • Manage and troubleshoot support tickets escalated to Cyber Security Technology Team on web proxy, SIEM, DLP and other security tools.  
  • Works with other IT associates to ensure the security tools are integrated into corporate infrastructure.
  • Skilled at explaining complex technical issues in terms understandable by the business
  • Works with other IT associates to ensure security tools are integrated into corporate infrastructure. 
  • Stay current with and remain knowledgeable about new threats. Analyze threat actor tactics, techniques, and procedures (TTPs) from security events across a large heterogeneous network of security devices and end-user systems
  • Assists the security team in incident response and resolution.
  • Perform on-call duties as assigned.
  • Perform technical training of troubleshooting support and procedures.
  • Technical point of contact for the Cyber Security Technology Team. 
  • Complies with all security policies and procedures to ensure the highest level of system and data confidentiality, integrity and availability.
  • Other duties and/or responsibilities not specifically set forth above may, however, be assigned as needed.  Whenever practicable and, in accordance with legal guidelines, reasonable accommodation[s] will be made to enable an otherwise qualified individual with a disability to perform the essential functions of the position.

Qualifications 

  • Bachelor’s degree or equivalent from four-year college or university required. 
  • Equivalent experience can substitute for education. 
  • 5 years or more related experience or training required. 
  • Professional level routing and security certification required. 
  • Engineering level routing or security certification preferred.  
  • Excellent analytical and troubleshooting skills required. 
  • Must be a self-starter with sound problem solving and troubleshooting skills. 
  • Must be flexible and a team player. 
  • Exceptional interpersonal, communication (verbal and written), and presentation skills required 
  • Must be a self-starter with the ability to multi-task, effectively prioritize, and deliver in a fast-paced, dynamic environment. 
  • Must have proven planning and organization skills. 
  • Highly proficient in the use of Microsoft Office, including Outlook, Access, Excel, Word, and PowerPoint required. 
  • Hands-on experience with information security tools such as vulnerability scanners, web proxies, DLP, firewalls and other security tools.  

 

Core Competencies

Committed:?Values each and every customer, while working hard to keep their business and support our communities. 
Helpful:?Delivers support in the ways that are most useful to our customers and addresses their needs with expertise, respect, and empathy. 
Proactive:?Understand what our customers need, and actively works to make their relationship with use seamless, easy, and rewarding. 
Personal:?Knows our customers well, and tailors our communications and interactions to address their needs and expectations. 
 

Cable One, Inc. is committed to keeping our associates and customers safe. ?Job offers are contingent upon the results of background, driving (if applicable), physical (if applicable), drug screening and reference check. Only after successfully passing these pre-hire clearances are individuals approved for hire and ready to start their successful and rewarding career. 

Diversity lies in the communities we serve and among the associates who dedicate themselves to ensure our continued success. Here at Cable One, we believe it is our individual and unique talents, backgrounds and perspectives that, when combined, truly make us an unstoppable force. "Stronger Together" is not just a verbal cue, it is the motto that our associates live by, exemplify and embody each and every day. Cable One and all of its subsidiaries provide Equal Employment Opportunities to all individuals of different race, creed, color, religion, national origin, nationality, ancestry, sex/gender, pregnancy, affectional or sexual orientation, gender identity, age, disability, marital status, citizenship, genetic information, veteran status, or any other category protected by applicable law. 

EOE/Disability 

#LI-SJ1

Sr. Information Security Engineer

JOB DESCRIPTION

Job Title: Senior Information Security Engineer

FLSA Exemption Status:

State/Business Line Specific:

Reports to: Chief Information Security Officer

Supervises:

Job Summary

 

The Senior Information Security Engineer will develop and implement security technology, system architecture, and technological solutions for the protection of computers, networks, cloud services, software, data, and/or information systems against emerging security threats such as viruses, worms, spyware, malware, intrusion detection, unauthorized access, denial-of-service attacks, and an ever increasing list of attacks by hackers acting as individuals or as part of organized crime or foreign governments. This includes but is not limited to role-based access grids, risk assessment, policies and procedures, training, audit and monitoring, vulnerability assessments, configuration management, investigations of security breaches and complaint resolution. 

 

Essential Functions and Work Responsibilities

 

Functional Category: Information Security

Estimated Percent of time Spent – 95%

  • Lead/Support security design efforts on projects and collaborate within and outside the Information Security team.
  • Security administration of Azure Cloud Security(SaaS and IaaS), Privilege Access Management platform, Firewall and Internet filtering, Security Information and Event Management (SIEM), Vulnerability Management (VM) system, Intrusion Detection/Prevention (IDS/IPS), Data loss Prevention (DLP), Data Access Governance (DAG), multi-factor authentication, email security, database security, advanced endpoint protection and cloud instances.
  • Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) of existing/new hardware and software being introduced into the InnovAge’s environment.
  • Design, implement and oversee constant real-time monitoring of IT Security devices and tool sets to include firewalls, intrusion detection/preventions (IDS/IPS), data loss prevention (DLP), web services, email security, vulnerabilities, and software patch maintenance.
  • Coordinate penetration testing activities being performed by Third parties and be responsible for coordinating the remediation of vulnerabilities found during the testing.
  • Perform malware analysis, network forensics, security architecture, network engineering, security engineering, and social engineering duties.
  • Work with IT groups to review configuration changes made that effect high risk public facing systems such as cloud applications/services, web servers, email systems and secure transfer systems. Also responsible for reviewing new systems from the security perspective that will be used by the public.
  • Lead Incident Response processes to protect InnovAge information assets, comply with all pertinent regulations, investigating/classifying security incidents throughout the incident response lifecycle in accordance with the Incident Response Plan.

Functional Category: Technical writing and others

Estimated Percent of time Spent – 5%

  • Assist in the review, preparation, and implementation of security documentation and related security plans.
  • Performs other duties as assigned.

Other Responsibilities

  • Demonstrates a commitment to the quality improvement process and the philosophy of continuous improvement; identifies and responds actively and with sensitivity to the needs of all concerned; participates as a team player in all phases of the organization; and is open and responsive to change.
  • Communicates and interacts with co-workers and all others in a pleasant and professional manner at all times.
  • Maintains strict confidentiality of personnel data, proprietary information, and sensitive materials as required.
  • Maximizes cost efficiency and productivity in the use of all resources of the department and organization.
  • Attends all required department events, staff meetings, and any other job-related functions. Attends and successfully completes all mandatory training.
  • Does not communicate with any news media or volunteer business information to other agencies. Directs public relations issues to the appropriate person.
  • Does not enter any contract without approval which commits the organization to any obligation, or which transfers company assets to any outside interests, or which involves expenditures of a capital nature.
  • Performs within position and personal limitations and provides information to employees, co-workers, business contacts, and others only as able and appropriate for position.
  • Complies with all InnovAge policies and procedures.

Travel Requirements

 

Travel

Estimated Percent of time Spent –

  • Travel between local InnovAge worksites
  • Travel to client and potential client homes and/or other off-site locations
  • Overnight travel out of state

 

Relocation

  • Must be open to relocation based on business necessity

 

Qualifications

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions

 

REQUIRED

 

Education

 

Bachelor’s degree in Computer Science, Information Systems/Technology, Engineering, Information Security, Criminal Justice, or related field from an accredited college/university

 

Licensure, Certification, Registration or Designation

 

Information Security certification(s) such as the Information Systems Security Professional Certification (CISSP), Information Security Manager Certification (CISM), or Information Systems Auditor (CISA) Certification.

 

Work Experience and Qualifications

 

PREFERRED

 

Education

 

 

Licensure, Certification, Registration or Designation

 

 

Work Experience and Qualifications

 

Information Security Experience

  • Minimum 5 years of experience in implementing regulatory compliance processes (HIPAA/HITECH and PCI) in information security in the health care services industry.
  • Detailed working knowledge of information security technologies and strong technical skills (applications, networks, data center, cloud, desktop management, database technology, data interchange, operating system hardening, vulnerability assessments, security / technology audits, TCP/IP, Intrusion Detection Systems, firewalls, routing, external threats (e.g., Denial of Service, viruses), and Security Information and Event Management (SIEM) tools, etc.).
  • In-depth knowledge of HIPAA & HITECH Security Rule and other regulatory security laws.
  • Knowledge of ISO (e.g., 27001) and NIST security frameworks as well as the ability to build a security framework based on industry standards.
  • Experience in interpreting and applying regulations.
  • Detailed knowledge of IT general controls, preventive controls, corrective controls, and risk mitigation.
  • Experience in using or auditing information and data.
  • Ability to weigh business risks and enforce information security measures.
  • Experience with business continuity planning and information system disaster recovery planning and testing, audit compliance, risk analysis and risk management as it relates to information security.

 

General Experience

  • Excellent oral and written communication skills, including the ability to explain security solutions in business terms, establish rapport and persuade others.
  • Ability to effectively work with all levels of the organization, external auditors, vendors, and business units on security initiatives, projects, decisions, and information.
  • Self-motivated and directed with a keen attention to detail and strong customer service mindset.
  • Honest, hard-working with a lack of ego and drenched in integrity.
  • Consistently drive for extraordinary results.
  • Like to learn, seek challenges, and go out of their way to help others be successful.
  • Demonstrated project management and facilitation skills.
  • Excellent analytical and documentation skills.
  • Team-oriented and strong interpersonal skills.
  • Well organized and detail oriented.
  • Excellent responsiveness and reliability.
  • Demonstrated ability to work under pressure in a fast-paced environment and meet tight deadlines.

 

 

Other Knowledge Skills and Abilities Required

 

Computer Skills  

  • Must be computer proficient and possess experience with Microsoft Word, Excel, and Outlook.
  • Must be able to quickly learn specific software and new applications.

 

Mathematical/Financial Skills

  • Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations.
  • Able to analyze data and statistics and draw reasonable conclusions and compile accurate reports.
  • Experience with P/L and developing and managing budgets

 

 

Language Skills

  • Ability to read, analyze and interpret regulations and other documents.
  • Strong interpersonal skills and ability to effectively and tactfully present information to, and communicate with, co-workers, employees, and others.
  • Possess exceptional English written and verbal communication skills, including accurate grammar and business correspondence knowledge.
  • Ability to read and write memos, reports, and correspondence that conform to prescribed style and format.

 

Reasoning Ability

  • Ability to define problems, collect data, establish facts, and draw valid conclusions.

 

Other Skills and Abilities:

  • Able to establish and maintain cooperative and positive working relationships.
  • Organized, detail-oriented, diplomatic, proactive, self-motivated, dependable, and driven by excellence.
  • Even-tempered and able to balance multiple tasks in accordance with changing deadlines and priorities in a fast-paced environment.
  • Ability to work sensitively and effectively with individuals of diverse ethnic and cultural backgrounds.

 

 

InnovAge Service Standards Requirements

Safety

  • Safety- Maintains a safe workplace. Reports all unsafe work conditions to supervisor and/or Safety & Loss Control Manager and works in conjunction with supervisor, Safety & Loss Control Manager, and staff to correct unsafe work conditions. Follows and enforces all safety policies.

Accountability

  • Commitment – Commits to his/her job and to the success of the company. Continuously puts forth the effort to achieve goals and continuous quality improvement. Degree to which employee goes the extra step to ensure job/task completion. Take the initiative to offer ideas to improve processes or results.
  • Cooperativeness – Consistently supports management decisions as demonstrated by his/her actions. Demonstrates a “can do” attitude by responding positively to instructions. Follow instructions and work harmoniously with others to complete the job or task.
  • Attendance – Meets or exceeds punctuality and attendance expectations/requirements. Faithfully reports to work and conforms to scheduled work hours. When necessitated, follow call-in procedures, and inform others of absences.

Caring

  • Customer Service – Embraces the organization's commitment to internal and external customer service and demonstrates a customer-centric approach when interacting with co-workers, participants, clients, and all other business contacts.
  • Confidentiality – Maintains confidentiality of employee, participant, and client data/information, and any other sensitive organization information as appropriate.

Integrity

  • Adherence to Company Policy – Follows and enforces guidelines as established by policies. Conforms to company and job standards and requirements. Shows respect for others. Acts in the best interests of the company always. Serves as an example for others. Conducts business in an ethical fashion.
  • Reliability – Completes responsibilities with minimal direct supervision. Follow through with assigned jobs and tasks all the way through completion. Puts forth the effort to achieve goals and objectives under varying circumstances.
  • Alignment with Company Goals & Objectives – Supports the organization’s mission, vision, and values and holding self-accountable for applying these principles daily and personally living them when working with co?workers, participants, clients, and all other business contacts.

Quality

  • Quantity of Work / Productivity – Produces at a high volume. Always puts forth the effort to maximize productivity. Meets or exceeds established work deadlines. Engages in a productive work effort whenever possible. Meets goals and objectives.
  • Quality of Work – Produces work that is accurate and reliable. Accomplishes work quickly and efficiently. Works in a thorough and organized manner while minimizing down time. Results are consistently within acceptable quality standards.
  • Job Knowledge – Demonstrates a thorough understanding of his/her job processes and procedures. Integrates knowledge to efficiently accomplish job requirements. Efficiently uses resources (including staff and management) to obtain additional knowledge.
  • Communication – Exhibits good interpersonal skills. Develops and fosters professional relationships with co-workers, participants, clients, and vendors. Keeps others informed as directed by operational demands and need-to-know. Keeps self-informed of announcement made via established company venues

 

Enter physical requirements/Work Environment based on location of position