Information Security Engineer
GoHealth Urgent Care
JOB REQUIREMENTS
Education
- High School Diploma or GED required
- Bachelor’s degree in information systems/information security or equivalent work experience in Information Security or a closely related field involving Security standards and regulations (such as HIPAA, PCI-DSS 3.2, ISO 27001, HITRUST, and NIST) with a solid understanding of network security protocols and methodologies. required
- Healthcare experience required
Work Experience
- 3+ yrs of Systems Engineering or Network Engineering required
- 2+ yrs of Info Security or similar responsibilities required
Required Licenses/Certifications
- Security + or SSCP
Additional Knowledge, Skills, and Abilities Required
- Direct experience with anti-virus software, intrusion detection, network security, firewalls, and content filtering
- Knowledge of risk assessment tools, technologies, and methods. (for example SIEM solutions). Must understand architecture, implementation, deployment, and support of these tools.
- Experience designing, maintaining, and supporting secure systems and application architecture revolving around personal health information and payment processing transactions.
- Knowledge of disaster recovery, computer forensic tools, technologies, and methods
- Compliance experience in implementing IT security controls for NIST800-53r4, HIPAA, ISO27001/27002/27018, PCI DSS, and/or SOX programs.
Additional Knowledge, Skills, and Abilities Preferred
- Ability to read and use the results of email transport protocols, malicious code, and anti-virus software
- Strong understanding of endpoint and network security solutions including vulnerability scanning, file integrity monitoring, and data loss prevention
- Azure/Cloud experience and knowledge
- Experience implementing and administering security features and tools within Office 365 environment
- Other Security certifications a plus, including HCISPP, CISSP, CISM, CISA, or related/comparable credentials.
- Experience using OneTrust Privacy Software a plus.
ESSENTIAL FUNCTIONS
- Plan, design, enforce, and audit security policies and procedures which safeguard the integrity of and access to enterprise systems, files, and data elements.
- Protect systems by defining access privileges, control structures, and resources.
- Recognize and identify potential areas where existing data security policies and procedures require change, or where ones need to be developed or improved, especially regarding future business expansion.
- Recognizes problems by identifying anomalies; reporting and investigating risks, concerns, or violations.
- Implements security improvements by assessing the current situation; evaluating trends; anticipating requirements.
- Creates, participates, and executes on strategic plans to continually improve and optimize information security across the GoHealth Urgent Care enterprise structure
- Determines security violations and inefficiencies by conducting periodic audits.
- Upgrades system by implementing and maintaining security controls.
- Keeps users informed by preparing performance reports; communicating system status.
- Maintains quality service by following organization standards.
- Maintains technical knowledge by attending educational workshops; reviewing publications.
- Contributes to team effort by accomplishing related results as needed.
- Ability to relate business requirements and risks to policy and technology implementations to key business stakeholders.
- Conduct Phishing evaluations and Security Awareness training for end-users.
- Works in cross-functional teams to implement security measures and times both face-to-face and via written communication.
- Writing and maintaining information security policies and procedures.