Vytalize Health is looking for an Information Security Engineer to design and implement security mechanisms protecting our data and information systems. You will assess risks, design security architecture, perform control assessments, and respond to security events in a dynamic healthcare environment.
What You'll Do
- Assist in testing incident response plans to effectively address and mitigate security breaches or compliance violations.
- Assist in testing business continuity and disaster recovery plans to sustain business processes and restore system operability during and after a cyber incident.
- Respond to and resolve information security events and escalations.
- Evaluate and assess security technologies, tools, and solutions for suitability and effectiveness.
- Design cloud security strategies and implement controls to protect data, applications, and infrastructure hosted in the cloud.
- Design security architecture to protect the organization's entire IT infrastructure in coordination with the information security team.
- Maintain and monitor the cybersecurity risk register with risks, ratings, mitigation strategies, and action plans.
- Assist with data gathering and coordination with various teams for audits and risk assessments.
- Monitor training campaigns to demonstrate effectiveness and improve phishing detection and response.
- Conduct vendor risk assessments to identify and document potential supplier cybersecurity risks, threats, and vulnerabilities.
- Develop a process for third-party compliance requests monitoring and tracking and ensure timely completion.
- Collaborate with internal and external audit teams, providing documentation and evidence to demonstrate compliance.
- Develop and maintain a cybersecurity framework continuous assessment process to ensure controls are operating effectively.
- Monitor remediation of vulnerability assessment findings, including penetration tests.
- Collaborate with cross-functional teams.
- Communicate security risks, issues, and recommendations to senior management and stakeholders.
What We're Looking For
- Work experience in the healthcare information security field.
- Previous Health Information Technology (HIT) experience implementing controls to meet federal security and privacy regulations.
- Demonstrated knowledge of information technology processes, risks, infrastructure, and information security.
- Experience with incident response and vulnerability management.
- Knowledge of HIPAA, HITECH, and PCI DSS.
- Experience with information security assessments and audits.
- Strong written and verbal communication skills.
- Effective collaboration with stakeholders across departments and affiliated organizations.
- Ability to analyze information system security design and recommended configuration.
- Detailed oriented.
- Ability to work effectively in a complex enterprise environment.
Nice to Have
- 3+ years of relevant work experience in IT security in a complex enterprise environment.
- Preferred expertise in security assessment methodologies.
Benefits & Compensation
- Competitive base compensation.
- Annual bonus potential.
- Health benefits effective on start date; 100% coverage for base plan, up to 90% coverage on all other plans for individuals and families.
- Health & Wellness Program; up to $300 per quarter for your overall well-being available on start date.
- 401K plan effective on the first of the month after your start date; 100% of up to 4% of your annual salary.
- Unlimited (or generous) paid 'Vytal Time', and 5 paid sick days after your first 90 days.
- Company paid STD/LTD.
- Technology setup.
- Ability to help build a market leader in value-based healthcare at a rapidly growing organization.
