Lead Information Security Engineer

005-009

HireStrategy's client is seeking a Lead (Techno/Functional) Information Security Engineer.

  • Under limited supervision by the Director of Technology and the Chief Information Security Officer, the Information Security Engineer will be responsible for the cyber-defense function.
  • Contribute to the selection, deployment, and operation of cyber-defense technologies, including firewalls, monitoring tools, malware detection, and log analysis tools across the organization.
  • Be an expert in the adoption of cyber-security frameworks (e.g., NIST, HITRUST, FISMA, and ISO) and regulations specific to healthcare (e.g., HIPAA and HITECH).
  • Contribute to enterprise policies related to data use, network access, and appropriate use of computer equipment.

Minimum Requirements:
  • B.S. in Computer Engineering, Computer Science, or other similar area
  • At least two (2) years of experience in managing information security for a complex organization.
  • Knowledge of healthcare security and privacy regulations (HIPAA/HITECH) and/or advanced knowledge of at least one information security framework (e.g., NIST, HITRUST, FISMA, ISO).
  • Certified Information Security System Professional (CISSP) certification and healthcare experience are major pluses.

Responsibilities:
  • Conduct cyber security audits, penetration tests, and investigations of cyber-security incidents.
  • Coordinate cyber threat mitigation, security breach detection, containment, and restoration activities, and contribute to the organization's disaster response plan.
  • Develop and disseminate information security awareness training materials, and develop and deliver classroom training for employees.
  • Provide front-line response to detection systems and alarms
  • Investigate malware, targeted attacks, intrusion attempts, and vulnerabilities
  • Drive continuous improvement of response capabilities through automation and critical thinking
  • Participate in the development, documentation, implementation, and evaluation of security policies, guidance, and procedures

Organizational Expectations:
  • Adheres to the requirements of the HIPAA Privacy Policies and Procedures. Maintains confidentiality of patients, families, and staff.

