Date Posted: January 6, 2022
You are known for your complex problem-solving abilities and creative mind, aiding in your ability to anticipate potential threats and design systems to preempt them. You lead with credibility and independence – empowering teams to meet business and IT security goals. You have rock solid integrity, confidentiality and cultivate an environment of trust on behalf of patients, healthcare providers, employees and administrators and nurture a culture of compliance by leveraging your in-depth knowledge of HIPAA/HITECH, PCI, GDPR and other regulatory and legal standards. You have risk and compliance control and hands-on experience with security and architecture of infrastructure systems.
If this sounds like you, read on!
The IT Security Engineer leads data security standards, driving the security strategy and implementations resulting in safeguarding the organization’s protected health and other confidential or sensitive information from security threats and cyber-hacking. This role is responsible for the operational compliance to HIPAA/HITECH, PCI, GDPR, and similar standards and regulations. This position serves as a trusted advisor to the Director, CIO, and the Academy senior management team to establish information security standards, recommendations, and controls as an integrated part of strategic growth planning and ongoing process improvement.
- Devises strategies and implements IT solutions to minimize the risk of cyber-attacks. Coordinates external audits and IT security risk assessments and provides recommendations to minimize threats. Maintains compliance with the latest HIPAA/HITECH, PCI, GDPR regulations and requirements by adhering to industry standard cyber-security frameworks. Tracks the latest IT security innovations and keeps abreast of cyber threats and security technologies. Communicates with key stakeholders about IT security threats.
- Leads incident response situations when cyber threat actors are detected and active based on the AAOS Incident Response Policies.
- Develops and maintains data security and privacy policies and procedures related to the proper handling and use of confidential information across the organization. Ensures that business processes incorporate the proper audit controls that demonstrate compliance with policy.
- Coordinates regular training and education of Academy staff in information security methods and controls to maintain compliance. Champions and educates the organization about the latest security strategies and technologies.
- Responds to security assessment questionnaires from stakeholder institutions. Implements an effective process for the reporting of security incidents. Oversees the investigation of reported security breaches and develops strategies to handle security incidents and trigger investigations. Manages vendor relationships with security experts and advisors.
- Implements Risk Management program to conduct a continuous assessment of current IT security practices and systems and identifies areas for improvement. Delivers new security technology approaches and the implementation of next generation solutions. Provides leadership to the technology team and developing staff. Tracks remediation of risks in central risk register and meets with leadership teams to align on progress of improving the organization’s security posture.
- Ensures that proper monitoring of security vulnerabilities and hacking threats in computers, networks, cloud, and hosted systems is in place. Provides leadership to ensure business continuity in the event a security breach occurs, or a disaster recovery plan is triggered.
- Implements Third Party Vendor Risk Management Program. Assesses Third party vendors, reviews contractual security language, and implements process to hold vendors accountable after they experience security breaches.
- Supports and participates in legal/privacy contract negotiations with Third Party vendors.
- Implements Continuous Monitoring to reassess third parties on a regular cadence.
- Implements/manages GRC tool to track and assess risks.
- Implementation/documentation of exception process.
- Governance over identity access management requests and firewall rule requests.
Exemplifies the following essential values of the Academy:
- Teamwork: Effective collaboration and team-focus to solve complex problems and drive innovation.
- Empowerment: The authority, information, and skills to make decisions and drive results.
- Accountability: Ownership of process and results that drive decisions and ensure implementation.
- Mindset of Growth/Continuous Learning: Focused on and invested in self and staff development to become more adaptable, making the Academy more agile, innovative, and sustainable.
- Leadership skills – capable of empowering and leading teams to meet business and IT security goals
- Ability to adapt to a fast-moving/heavy lift IT landscape and keep pace with latest thinking and new security technologies
- Excellent communication skills – providing verbal and written communication that is outstanding to both direct reports and senior management as well as other stakeholders
- Flexible and adaptable – capable of changing direction where required and showing flexibility to meet new demands
- Ability to develop and carry out information security plans and policies
- Creative thinking – able to look at alternatives and consider new ways of thinking to problem solve
- Multi-tasking – can manage several concurrent projects and prioritize demands
- Bachelor’s degree is required in computer science or similar.
- Information security certification required or currently pursuing with a specific date for certification.
- Must possess a strong working knowledge and understanding of business processes
- Must possess excellent analytical and planning skills
- Must possess excellent written and verbal communication skills as well as demonstrated presentation, organizational, facilitation, and problem-solving skills
- Provide awareness training of the workforce on information security standards, policies and best practices including conducting and reporting on quarterly email phishing campaigns.
- Manage and lead security incident response efforts
- Monitor networks and systems for security breaches, utilizing technology that detects intrusions and anomalous system behavior
- A minimum of 5 years IT security experience or proven comparable recent information security experience in a leadership role
- Technical Security resource for Office of General Counsel and Corporate Compliance and Integrity
- Azure and cloud platform as a service (PaaS, IaaS, and SaaS) security
- Endpoint security solutions, including file integrity monitoring and data loss prevention
- Planning, researching and developing security policies, standards and procedures
- Knowledge of risk assessment tools, technologies and methods
- Expertise in anti-virus software, IDS/IPS, firewalls, SIEM, and content filtering
- Expertise in designing secure networks, systems and application architectures
- Demonstrated knowledge of the latest IT thinking and threat modelling methods together with a creative drive
- Change management and business process experience is ideal together with a proven track record of driving large-scale change programs
- A proven record of dealing with complex projects and meeting conflicting demands
If this describes YOU, please apply by sharing the following:
- Clearly communicate why you are the ideal candidate for this role, providing specific examples and experiences as proof points.
- Attach your resume, cover letter and any additional materials that support your application.
This position is based in Rosemont, Illinois and is open to applicants who are able to relocate to commuting distance to that office. Alternatively, the position may be performed remotely and is open to applicants in any U.S. state other than California, Colorado, Montana and New York.
AAOS requires all employees to be fully vaccinated against COVID-19. An applicant (i) who is disabled or who has a qualifying medical condition that contraindicates a COVID-19 vaccination, or (ii) who objects to being vaccinated on the basis of a sincerely held religious belief, observance or practice may request a reasonable accommodation. This determination will be made on a case-by-case basis and in accordance with applicable law and public health guidance. Any medical information concerning an applicant's disability will be treated as a confidential medical record in compliance with applicable federal, state and local laws. Exemptions from the vaccine policy may also be provided to fully remote positions that do not involve any business travel or in-person work activities.