Sr. Mgr Information Security Engineer
Tech One IT
Phoenix, AZ
- Expired: over a month ago. Applications are no longer accepted.
Job Description
ESSENTIAL JOB FUNCTIONS AND RESPONSIBILITIES
Responsible for ensuring that information systems comply with governmental security requirements such as those included in the Health Insurance Portability and Accountability Act (HIPAA), and Arizona State insurance privacy law
Directs work of others in ISE on a daily basis; shares information and influences behaviors to be consistent with our Client's corporate objectives.
Maintains departmental metrics & measures to adequately monitor department performance, help meet IT divisional goals and assist in resource planning
Employ metrics to establish baselines and measure the effectiveness of implemented security controls. Create a scoring tool for measuring the effectiveness of each control.
Map critical controls to standards such as NIST 800-53, ISO 27001, and others.
Audit each of the critical security controls, with specific, proven templates, checklists, and scripts to facilitate the audit process.
Assist the CISO in establishing a minimum standard for security knowledge, skills, and abilities required for each job function, drive awareness and skills training and assessments to ensure the organization meets minimum standards.
Assist the CISO in developing strategic security plans and information security policies.
In coordination with the CISO, monitor information security trends internal and external to Client and keep Senior Management informed about information security-related issues and activities affecting the corporation
Responsible for the implementation and ongoing support of the operational tools used to fulfill oversight and security monitoring and management
Plans for and maintains an annual departmental budget
Assists ISE employees in performance plan documentation, career planning, and skill set enhancement
Control access by computer users in all departments that require computer access; Leadership must interface with ISS to obtain access permissions for their employees and external users. Be knowledgeable of the concepts of access controls and the interrelated products
Consult on and help implement procedures for data classification, handling, retention/destruction, etc.
Work with other Team Leaders to meet departmental responsibilities
Support the CISO and participate in confidential system security related reviews
Provide investigative and incident response functions
Keep current on new developments in healthcare related industries and new technology in systems security and computer technology
As necessary conduct confidential system security related reviews for Clieints leadership
Assist as necessary to investigate security breaches and pursue associated disciplinary and legal matters
Participate with management in formulating goals for the Information Technology Division.
Participate in developing the Information Technologies Strategic Plan with the Chief Information Security Officer.
Respond to and provide complete information for system audits and assessments as required by CISO and internal and external sources including SAS 70, Department Of Insurance, and Corporate Audit & Assessment Readiness Audits
Provides guidance to Employee Development on maintenance of an employee information security training program
Assist as necessary in both internal and external information security audits, assessments and evaluations
Provide a clear, concise, accurate and timely status report to the Chief Information Officer as required on both strategic and tactical matters
Perform and monitor network security and penetration assessments
The position requires a full-time work schedule. Full-time is defined as working at least 40 hours per week, plus any additional hours as requested or as needed to meet business requirements
Position may require evening, weekend, or on-call schedules, depending on project requirements and/or system status.
Perform all other duties as assigned.
PURPOSE OF THE JOB
Serves as the operational process owner for all ongoing activities that serve to provide appropriate access to and protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies and standards. Also, this position is to help provide protection of corporate assets for the organization and the day to day management of the IS Engineering (ISE) department. This position supports and implements Corporate Information Security direction set forth by the Chief Information Security Officer (CISO) that assures Client's customers that our Client is a secure company that intends to preserve the privacy and confidentiality of data and will remain their health insurance company.
Serves as the operational process owner for all ongoing activities that serve to provide appropriate access to and protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies and standards. Also, this position is to help provide protection of corporate assets for the organization and the day to day management of the IS Engineering (ISE) department. This position supports and implements Corporate Information Security direction set forth by the Chief Information Security Officer (CISO) that assures Client's customers that our Client is a secure company that intends to preserve the privacy and confidentiality of data and will remain their health insurance company.
QUALIFICATIONS
REQUIRED QUALIFICATIONS
1. Required Work Experience
7 years of experience with system security, including 3 years at a leadership level
5 years of experience with data processing and telecommunications
5 years of project management experience
2 years of recent experience with disaster recovery planning or risk analysis / business impact analysis
5 years of management or supervisory experience
2. Required Education
High School Diploma or GED in general field of study
3. Required Certifications
5 security certifications from the Preferred Certifications list
REQUIRED QUALIFICATIONS
1. Required Work Experience
7 years of experience with system security, including 3 years at a leadership level
5 years of experience with data processing and telecommunications
5 years of project management experience
2 years of recent experience with disaster recovery planning or risk analysis / business impact analysis
5 years of management or supervisory experience
2. Required Education
High School Diploma or GED in general field of study
3. Required Certifications
5 security certifications from the Preferred Certifications list
PREFERRED QUALIFICATIONS
1. Preferred Work Experience
10 years of experience with system security, including 5 years at a leadership level
7 years of experience with data processing controls, concepts, and audit principles
2. Preferred Education
Master's Degree in business, computer science or related field
3. Preferred Certifications
Certified Information Systems Security Practitioner (CISSP), Certified Information Security Administrator (CISA), Certified Information Security Manager (CISM), ISO Foundation, ISO Practitioner, Certified Computer Forensic Specialist (CCFS), Certified Business Continuity Professional (CBCP), Information Security Fundamentals (GISF), Security Essentials (GSEC), Critical Controls (GCCC), Leadership Essentials (GSLC), SANS CISSP (GISP), Certified Ethical Hacker (CEH), Certified CISO (CCISO), Certified Cloud Security Professional (CCSP) Certificate of Cloud Security Knowledge (CCSK), Certified Common Security Framework Practitioner (CCSFP)
1. Preferred Work Experience
10 years of experience with system security, including 5 years at a leadership level
7 years of experience with data processing controls, concepts, and audit principles
2. Preferred Education
Master's Degree in business, computer science or related field
3. Preferred Certifications
Certified Information Systems Security Practitioner (CISSP), Certified Information Security Administrator (CISA), Certified Information Security Manager (CISM), ISO Foundation, ISO Practitioner, Certified Computer Forensic Specialist (CCFS), Certified Business Continuity Professional (CBCP), Information Security Fundamentals (GISF), Security Essentials (GSEC), Critical Controls (GCCC), Leadership Essentials (GSLC), SANS CISSP (GISP), Certified Ethical Hacker (CEH), Certified CISO (CCISO), Certified Cloud Security Professional (CCSP) Certificate of Cloud Security Knowledge (CCSK), Certified Common Security Framework Practitioner (CCSFP)
ESSENTIAL JOB FUNCTIONS AND RESPONSIBILITIES
Responsible for ensuring that information systems comply with governmental security requirements such as those included in the Health Insurance Portability and Accountability Act (HIPAA), and Arizona State insurance privacy law
Directs work of others in ISE on a daily basis; shares information and influences behaviors to be consistent with our Client's corporate objectives.
Maintains departmental metrics & measures to adequately monitor department performance, help meet IT divisional goals and assist in resource planning
Employ metrics to establish baselines and measure the effectiveness of implemented security controls. Create a scoring tool for measuring the effectiveness of each control.
Map critical controls to standards such as NIST 800-53, ISO 27001, and others.
Audit each of the critical security controls, with specific, proven templates, checklists, and scripts to facilitate the audit process.
Assist the CISO in establishing a minimum standard for security knowledge, skills, and abilities required for each job function, drive awareness and skills training and assessments to ensure the organization meets minimum standards.
Assist the CISO in developing strategic security plans and information security policies.
In coordination with the CISO, monitor information security trends internal and external to Client and keep Senior Management informed about information security-related issues and activities affecting the corporation
Responsible for the implementation and ongoing support of the operational tools used to fulfill oversight and security monitoring and management
Plans for and maintains an annual departmental budget
Assists ISE employees in performance plan documentation, career planning, and skill set enhancement
Control access by computer users in all departments that require computer access; Leadership must interface with ISS to obtain access permissions for their employees and external users. Be knowledgeable of the concepts of access controls and the interrelated products
Consult on and help implement procedures for data classification, handling, retention/destruction, etc.
Work with other Team Leaders to meet departmental responsibilities
Support the CISO and participate in confidential system security related reviews
Provide investigative and incident response functions
Keep current on new developments in healthcare related industries and new technology in systems security and computer technology
As necessary conduct confidential system security related reviews for Clieints leadership
Assist as necessary to investigate security breaches and pursue associated disciplinary and legal matters
Participate with management in formulating goals for the Information Technology Division.
Participate in developing the Information Technologies Strategic Plan with the Chief Information Security Officer.
Respond to and provide complete information for system audits and assessments as required by CISO and internal and external sources including SAS 70, Department Of Insurance, and Corporate Audit & Assessment Readiness Audits
Provides guidance to Employee Development on maintenance of an employee information security training program
Assist as necessary in both internal and external information security audits, assessments and evaluations
Provide a clear, concise, accurate and timely status report to the Chief Information Officer as required on both strategic and tactical matters
Perform and monitor network security and penetration assessments
The position requires a full-time work schedule. Full-time is defined as working at least 40 hours per week, plus any additional hours as requested or as needed to meet business requirements
Position may require evening, weekend, or on-call schedules, depending on project requirements and/or system status.
Perform all other duties as assigned.
COMPETENCIES
REQUIRED COMPETENCIES
1. Required Job Skills
Intermediate skill in use of office equipment, including copiers, fax machines, scanner and telephones
Intermediate PC proficiency
Intermediate proficiency in spreadsheet, database and word processing software
Advanced Knowledge of hardware, software, telecommunications, operating systems, and applications.
Knowledge of HIPAA security and privacy standards.
Knowledge of Microsoft, UNIX, and LINUX operating systems.
2. Required Professional Competencies
An understanding of the phases of a system attack, common types of attacks and malicious code, and the strategies used to mitigate those attacks.
Ability to apply create a security framework that is measurable, scalable, and reliable in stopping attacks and protecting the organizations' important information and systems.
An understanding of the importance of each security control, how it is compromised if ignored, be able to explain the defesive goals of each, and the tools and systems needed to implement and automate those controls.
An understanding of the processes and tools used to track/control/prevent/correct security weaknesses in the configurations of hardware and software systems based on a formal configuration management and change control process.
Ability to relate generally accepted system security practices and procedures into the specific environments.
Ability to apply generally accepted business continuity concepts to business units, including identification of critical success factors for effective disaster recovery.
Ability to develop strategic security plans that incorporate business and organizational drivers.
Ability to develop and assess information security policy
Ability to build, maintain, and mature a vulnerability management program for identifying, prioritizing, and remediating both technical and physical system vulnerabilities.
An understanding of PKI, key management and using symmetric, asymmetric, and hashing algorithms to secure data.
An understanding of incident response and the business continuity process.
An understanding of the top threats to application code and the processes and tools used to detect/prevent/correct security weaknesses.
An understanding of malicious software and the processes and tools used to detect/prevent/correct installation and execution of this software on all devices.
An understanding of security architecture concepts and the processes and tools used to detect/prevent/correct the flow of information transferring networks of different trust levels.
Ability to assess an organization's human risks and assist in building a security awareness program that can mature with the organization's security program.
An understanding of network layer protocols and their relationship to network security and privacy concerns, as well as the ability to identity PII and security controls for protecting network data.
An understanding of protocols, vulnerabilities, attacks, and security controls at each layer of the OSI model
An understanding of account monitoring and control, the principal of least privilege and the processes and tools used to track/control/prevent/correct use of system and application accounts.
An understanding of data classification and the processes and tools used to track/control/prevent/correct data transmission and storage, based on the data's content and classification.
An understanding of the processes and tools used to simulate attacks against a network to validate the overall security of an organization.
An understanding of the processes and tools used to track/control/prevent/correct security weaknesses in the configurations in network devices based on formal configuration management and change controls processes.
An understanding of the processes and tools used to track/control/prevent/correct the secure use of wireless networks.
Ability to provide organization consultation on major government data security compliance programs
Ability to lead the department in troubleshooting and technical system support for system security issues
Ability to train and consult on corporate wide efforts on major system security and business continuity corporate initiatives
Ability to take appropriate risks, using available data.
Strong analytical skills to support independent and effective decisions...
Strong verbal and written communications skills and the ability to interact professionally with a diverse group of executives, managers, and subject matter experts.
Project management skills, with the ability to manage a team to coordinate all planning and implementation activities in system security and/or business continuity fields
Strong analytical problem solving and workflow management skills demonstrated in a variety of settings; ability to listen carefully to others' ideas and points of view before deciding how to proceed
Excellent communication skills, including writing reports, letters and documents for internal/external publication and presenting to and facilitating groups of individuals
Ability to see the organization in terms of critical and highly interrelated work processes
3. Required Leadership Experience and Competencies
Ability to lead and communicate in a crisis situation
Ability to develop key working relationships needed to support strategic direction, both internally and external to the department and company
Ability to set an example for others in the IT organization by working well as a team member
Provide leadership, promote teamwork, meet objectives and exercise independent judgment
Experience leading and implementing projects and working collaboratively with other departments levels
Ability to prioritize tasks and work with multiple priorities, sometimes under limited time contstraints.
REQUIRED COMPETENCIES
1. Required Job Skills
Intermediate skill in use of office equipment, including copiers, fax machines, scanner and telephones
Intermediate PC proficiency
Intermediate proficiency in spreadsheet, database and word processing software
Advanced Knowledge of hardware, software, telecommunications, operating systems, and applications.
Knowledge of HIPAA security and privacy standards.
Knowledge of Microsoft, UNIX, and LINUX operating systems.
2. Required Professional Competencies
An understanding of the phases of a system attack, common types of attacks and malicious code, and the strategies used to mitigate those attacks.
Ability to apply create a security framework that is measurable, scalable, and reliable in stopping attacks and protecting the organizations' important information and systems.
An understanding of the importance of each security control, how it is compromised if ignored, be able to explain the defesive goals of each, and the tools and systems needed to implement and automate those controls.
An understanding of the processes and tools used to track/control/prevent/correct security weaknesses in the configurations of hardware and software systems based on a formal configuration management and change control process.
Ability to relate generally accepted system security practices and procedures into the specific environments.
Ability to apply generally accepted business continuity concepts to business units, including identification of critical success factors for effective disaster recovery.
Ability to develop strategic security plans that incorporate business and organizational drivers.
Ability to develop and assess information security policy
Ability to build, maintain, and mature a vulnerability management program for identifying, prioritizing, and remediating both technical and physical system vulnerabilities.
An understanding of PKI, key management and using symmetric, asymmetric, and hashing algorithms to secure data.
An understanding of incident response and the business continuity process.
An understanding of the top threats to application code and the processes and tools used to detect/prevent/correct security weaknesses.
An understanding of malicious software and the processes and tools used to detect/prevent/correct installation and execution of this software on all devices.
An understanding of security architecture concepts and the processes and tools used to detect/prevent/correct the flow of information transferring networks of different trust levels.
Ability to assess an organization's human risks and assist in building a security awareness program that can mature with the organization's security program.
An understanding of network layer protocols and their relationship to network security and privacy concerns, as well as the ability to identity PII and security controls for protecting network data.
An understanding of protocols, vulnerabilities, attacks, and security controls at each layer of the OSI model
An understanding of account monitoring and control, the principal of least privilege and the processes and tools used to track/control/prevent/correct use of system and application accounts.
An understanding of data classification and the processes and tools used to track/control/prevent/correct data transmission and storage, based on the data's content and classification.
An understanding of the processes and tools used to simulate attacks against a network to validate the overall security of an organization.
An understanding of the processes and tools used to track/control/prevent/correct security weaknesses in the configurations in network devices based on formal configuration management and change controls processes.
An understanding of the processes and tools used to track/control/prevent/correct the secure use of wireless networks.
Ability to provide organization consultation on major government data security compliance programs
Ability to lead the department in troubleshooting and technical system support for system security issues
Ability to train and consult on corporate wide efforts on major system security and business continuity corporate initiatives
Ability to take appropriate risks, using available data.
Strong analytical skills to support independent and effective decisions...
Strong verbal and written communications skills and the ability to interact professionally with a diverse group of executives, managers, and subject matter experts.
Project management skills, with the ability to manage a team to coordinate all planning and implementation activities in system security and/or business continuity fields
Strong analytical problem solving and workflow management skills demonstrated in a variety of settings; ability to listen carefully to others' ideas and points of view before deciding how to proceed
Excellent communication skills, including writing reports, letters and documents for internal/external publication and presenting to and facilitating groups of individuals
Ability to see the organization in terms of critical and highly interrelated work processes
3. Required Leadership Experience and Competencies
Ability to lead and communicate in a crisis situation
Ability to develop key working relationships needed to support strategic direction, both internally and external to the department and company
Ability to set an example for others in the IT organization by working well as a team member
Provide leadership, promote teamwork, meet objectives and exercise independent judgment
Experience leading and implementing projects and working collaboratively with other departments levels
Ability to prioritize tasks and work with multiple priorities, sometimes under limited time contstraints.
Tech One IT
Address
Phoenix, AZ
85044
USA
Industry
Technology
Get fresh Information Security Engineer jobs daily straight to your inbox!
By clicking the button above, I agree to the ZipRecruiter Terms of Use and acknowledge I have read the Privacy Policy, and agree to receive email job alerts.
Most Popular Jobs Similar to Information Security Engineer
Most Popular Information Security Engineer Job Categories
You Already Have an Account
We're sending an email you can use to verify and access your account.
If you know your password, you can go to the sign in page.