Information Security Officer

TEKsystems | New York, NY
3d | $80 - $90 | Hybrid

About The Position

Our client is building out their GRC team due to a merger and is hiring an Information Security Officer. The officer will be part of the Information Security and Risk Management (ISRM) team and will be responsible for identifying, tracking, and reporting on remediation of risks and audit findings identified by internal and external risk assessors. This role will also include an expansion of risk management capabilities for the ServiceNow GRC toolset.

Requirements

  • 5+ years - Performing risk assessments and analyzing the risk. Identify, track, and report on remediation of risks and audit findings identified by internal and external risk assessors.
  • 5+ years - GRC applications, or more specifically ServiceNow GRC
  • A minimum of ten years of IT experience, with at least 7 years dedicated to IT/Cyber Security, including Solution Design and risk management
  • Strong knowledge of infrastructure, GRC applications, and security protocols, in addition to configuration management techniques and risk management/compliance/audit standards
  • Deep knowledge of HIPAA/HITECH, NIST CSF, ISO27001/27002 and PCI-DSS Standards and Requirements
  • Knowledge of encryption algorithms
  • Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins
  • Knowledge of network security architecture concepts, including topology, protocols, components, principles (e.g. application of defense-in-depth), and traffic flows across the network (e.g. TCP & TCP/IP, OSI, etc.)
  • Experience working with network access, identity, and access management (e.g. Active Directory, access federation, multifactor authentication, PKI)
  • Experience working with operating systems (Microsoft Windows, Linux, UNIX, MacOS X)
  • Knowledge of security management and secure configuration management techniques
  • Knowledge of software engineering
  • Skill in assessing the robustness of security systems and designs and determining how they should work (including their resilience and dependability capabilities)
  • Knowledge of IT supply chain security/risk management policies, requirements, and procedures
  • A bachelor's degree in information systems
  • CISSP, CISM, GSEC, CEH, or other relevant security qualification

Nice To Haves

  • Must possess a high degree of integrity and trust along with the ability to work independently
  • Participate in special projects as needed and perform other duties as assigned
  • Must be able to work independently as well as work as part of a fast-moving team
  • Must be able to work at various locations when necessary along with working various shifts

Responsibilities

  • Support the ISRM team in the development and execution of risk analysis and risk mitigation strategies
  • As a Subject Matter Expert, co-develop and maintain System's Information Security Standards, Standard Operating Procedures, and other related security governance documents that serve to support the System's Information Security Risk Management capabilities.
  • Conduct and participate in any relevant audits and risk assessment activities.
  • Track and follow-up on risk and risk remediation tickets to ensure compliance with approved policy and procedures.
  • Provide end-user support for risk treatment workflows in the ServiceNow GRC application.
  • Respond to requests for risk and risk treatment status from regulating bodies or internal/external assessor organizations.
  • Develop effective working relationships with corporate and enterprise peers and teams within areas such as Compliance, IT Site Directors, and facility administrative and clinical leadership.
  • Develop effective working relationships with business and technical teams covering business applications, clinical applications, and biomedical devices as well as other supporting enterprise infrastructure and related teams.
  • Develop, maintain, and track progress on security risk and similar remediation activities across Enterprise, Application, and Facilities scopes.
  • Assist with development and documentation of key security controls at the Enterprise, Facility, and Application scopes.

Benefits

  • Medical, dental & vision
  • Critical Illness, Accident, and Hospital
  • 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
  • Life Insurance (Voluntary Life & AD&D for the employee and dependents)
  • Short and long-term disability
  • Health Spending Account (HSA)
  • Transportation benefits
  • Employee Assistance Program
  • Time Off/Leave (PTO, Vacation or Sick Leave)