Job Title: Senior Information Security Engineer
FLSA Exemption Status:
State/Business Line Specific:
Reports to: Chief Information Security Officer
The Senior Information Security Engineer will develop and implement security technology, system architecture, and technological solutions for the protection of computers, networks, cloud services, software, data, and/or information systems against emerging security threats such as viruses, worms, spyware, malware, intrusion detection, unauthorized access, denial-of-service attacks, and an ever-increasing list of attacks by hackers acting as individuals or as part of organized crime or foreign governments. This includes but is not limited to role-based access grids, risk assessment, policies and procedures, training, audit and monitoring, vulnerability assessments, configuration management, investigations of security breaches, and complaint resolution.
Essential Functions and Work Responsibilities
Functional Category: Information Security
Estimated Percent of time Spent – 95%
- Lead/Support security design efforts on projects and collaborate within and outside the Information Security team.
- Security administration of Azure Cloud Security (SaaS and IaaS), Privilege Access Management platform, Firewall and Internet filtering, Security Information and Event Management (SIEM), Vulnerability Management (VM) system, Intrusion Detection/Prevention (IDS/IPS), Data Loss Prevention (DLP), Data Access Governance (DAG), multi-factor authentication, email security, database security, advanced endpoint protection and cloud instances.
- Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) of existing/new hardware and software being introduced into InnovAge’s environment.
- Design, implement and oversee constant real-time monitoring of IT Security devices and tool sets to include firewalls, intrusion detection/prevention (IDS/IPS), data loss prevention (DLP), web services, email security, vulnerabilities, and software patch maintenance.
- Coordinate penetration testing activities being performed by third parties and be responsible for coordinating the remediation of vulnerabilities found during the testing.
- Perform malware analysis, network forensics, security architecture, network engineering, security engineering, and social engineering duties.
- Work with IT groups to review configuration changes that affect high-risk public-facing systems such as cloud applications/services, web servers, email systems and secure transfer systems. Also responsible for reviewing, from the security perspective, new systems that will be used by the public.
- Lead Incident Response processes to protect InnovAge information assets and comply with all pertinent regulations, investigating/classifying security incidents throughout the incident response lifecycle in accordance with the Incident Response Plan.
Functional Category: Technical writing and others
Estimated Percent of time Spent – 5%
- Assist in the review, preparation, and implementation of security documentation and related security plans.
- Performs other duties as assigned.
- Demonstrates a commitment to the quality improvement process and the philosophy of continuous improvement; identifies and responds actively and with sensitivity to the needs of all concerned; participates as a team player in all phases of the organization; and is open and responsive to change.
- Communicates and interacts with co-workers and all others in a pleasant and professional manner at all times.
- Maintains strict confidentiality of personnel data, proprietary information, and sensitive materials as required.
- Maximizes cost efficiency and productivity in the use of all resources of the department and organization.
- Attends all required department events, staff meetings, and any other job-related functions. Attends and successfully completes all mandatory training.
- Does not communicate with any news media or volunteer business information to other agencies. Directs public relations issues to the appropriate person.
- Does not enter any contract without approval which commits the organization to any obligation, or which transfers company assets to any outside interests, or which involves expenditures of a capital nature.
- Performs within position and personal limitations and provides information to employees, co-workers, business contacts, and others only as able and appropriate for position.
- Complies with all InnovAge policies and procedures.
Estimated Percent of time Spent –
- Travel between local InnovAge worksites
- Travel to client and potential client homes and/or other off-site locations
- Overnight travel out of state
- Must be open to relocation based on business necessity
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.
Bachelor’s degree in Computer Science, Information Systems/Technology, Engineering, Information Security, Criminal Justice, or related field from an accredited college/university
Licensure, Certification, Registration or Designation
Information Security certification(s) such as the Information Systems Security Professional Certification (CISSP), Information Security Manager Certification (CISM), or Information Systems Auditor (CISA) Certification.
Work Experience and Qualifications
Information Security Experience
- Minimum 5 years of experience in implementing regulatory compliance processes (HIPAA/HITECH and PCI) in information security in the health care services industry.
- Detailed working knowledge of information security technologies and strong technical skills (applications, networks, data center, cloud, desktop management, database technology, data interchange, operating system hardening, vulnerability assessments, security / technology audits, TCP/IP, Intrusion Detection Systems, firewalls, routing, external threats (e.g., Denial of Service, viruses), and Security Information and Event Management (SIEM) tools, etc.).
- In-depth knowledge of HIPAA & HITECH Security Rule and other regulatory security laws.
- Knowledge of ISO (e.g., 27001) and NIST security frameworks as well as the ability to build a security framework based on industry standards.
- Experience in interpreting and applying regulations.
- Detailed knowledge of IT general controls, preventive controls, corrective controls, and risk mitigation.
- Experience in using or auditing information and data.
- Ability to weigh business risks and enforce information security measures.
- Experience with business continuity planning and information system disaster recovery planning and testing, audit compliance, risk analysis and risk management as it relates to information security.
- Excellent oral and written communication skills, including the ability to explain security solutions in business terms, establish rapport and persuade others.
- Ability to effectively work with all levels of the organization, external auditors, vendors, and business units on security initiatives, projects, decisions, and information.
- Self-motivated and directed with a keen attention to detail and strong customer service mindset.
- Honest, hard-working with a lack of ego and drenched in integrity.
- Consistently drive for extraordinary results.
- Like to learn, seek challenges, and go out of their way to help others be successful.
- Demonstrated project management and facilitation skills.
- Excellent analytical and documentation skills.
- Team-oriented and strong interpersonal skills.
- Well organized and detail oriented.
- Excellent responsiveness and reliability.
- Demonstrated ability to work under pressure in a fast-paced environment and meet tight deadlines.
Other Knowledge Skills and Abilities Required
- Must be computer proficient and possess experience with Microsoft Word, Excel, and Outlook.
- Must be able to quickly learn specific software and new applications.
- Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations.
- Able to analyze data and statistics and draw reasonable conclusions and compile accurate reports.
- Experience with P/L and developing and managing budgets.
- Ability to read, analyze and interpret regulations and other documents.
- Strong interpersonal skills and ability to effectively and tactfully present information to, and communicate with, co-workers, employees, and others.
- Possess exceptional English written and verbal communication skills, including accurate grammar and business correspondence knowledge.
- Ability to read and write memos, reports, and correspondence that conform to prescribed style and format.
- Ability to define problems, collect data, establish facts, and draw valid conclusions.
Other Skills and Abilities:
- Able to establish and maintain cooperative and positive working relationships.
- Organized, detail-oriented, diplomatic, proactive, self-motivated, dependable, and driven by excellence.
- Even-tempered and able to balance multiple tasks in accordance with changing deadlines and priorities in a fast-paced environment.
- Ability to work sensitively and effectively with individuals of diverse ethnic and cultural backgrounds.
InnovAge Service Standards Requirements
- Safety – Maintains a safe workplace. Reports all unsafe work conditions to supervisor and/or Safety & Loss Control Manager and works in conjunction with supervisor, Safety & Loss Control Manager, and staff to correct unsafe work conditions. Follows and enforces all safety policies.
- Commitment – Commits to his/her job and to the success of the company. Continuously puts forth the effort to achieve goals and continuous quality improvement. Degree to which employee goes the extra step to ensure job/task completion. Takes the initiative to offer ideas to improve processes or results.
- Cooperativeness – Consistently supports management decisions as demonstrated by his/her actions. Demonstrates a “can do” attitude by responding positively to instructions. Follows instructions and works harmoniously with others to complete the job or task.
- Attendance – Meets or exceeds punctuality and attendance expectations/requirements. Faithfully reports to work and conforms to scheduled work hours. When necessitated, follows call-in procedures and informs others of absences.
- Customer Service – Embraces the organization's commitment to internal and external customer service and demonstrates a customer-centric approach when interacting with co-workers, participants, clients, and all other business contacts.
- Confidentiality – Maintains confidentiality of employee, participant, and client data/information, and any other sensitive organization information as appropriate.
- Adherence to Company Policy – Follows and enforces guidelines as established by policies. Conforms to company and job standards and requirements. Shows respect for others. Acts in the best interests of the company always. Serves as an example for others. Conducts business in an ethical fashion.
- Reliability – Completes responsibilities with minimal direct supervision. Follows through with assigned jobs and tasks all the way through completion. Puts forth the effort to achieve goals and objectives under varying circumstances.
- Alignment with Company Goals & Objectives – Supports the organization’s mission, vision, and values, holding self accountable for applying these principles daily and personally living them when working with co-workers, participants, clients, and all other business contacts.
- Quantity of Work / Productivity – Produces at a high volume. Always puts forth the effort to maximize productivity. Meets or exceeds established work deadlines. Engages in a productive work effort whenever possible. Meets goals and objectives.
- Quality of Work – Produces work that is accurate and reliable. Accomplishes work quickly and efficiently. Works in a thorough and organized manner while minimizing down time. Results are consistently within acceptable quality standards.
- Job Knowledge – Demonstrates a thorough understanding of his/her job processes and procedures. Integrates knowledge to efficiently accomplish job requirements. Efficiently uses resources (including staff and management) to obtain additional knowledge.
- Communication – Exhibits good interpersonal skills. Develops and fosters professional relationships with co-workers, participants, clients, and vendors. Keeps others informed as directed by operational demands and need-to-know. Keeps self informed of announcements made via established company venues.