Sr. Information Security (InfoSec) Engineer - Operations
Job Title: Sr. Information Security (InfoSec) Engineer - Operations
ABOUT CITY OF HOPE:
City of Hope, an innovative biomedical research, treatment and educational institution with over 4000 employees, is dedicated to the prevention and cure of cancer and other life-threatening diseases and guided by a compassionate, patient-centered philosophy.
Founded in 1913 and headquartered in Duarte, California, City of Hope is a remarkable non-profit institution, where compassion and advanced care go hand-in-hand with excellence in clinical and scientific research. City of Hope is a National Cancer Institute designated Comprehensive Cancer Center and a founding member of the National Comprehensive Cancer Network, an alliance of the nation's 20 leading cancer centers that develops and institutes standards of care for cancer treatment.
POSITION SUMMARY & KEY RESPONSIBILITIES:
The Senior Information Security Engineer supports the Information Security Department (ISD) in evolving the confidentiality, integrity, and, availability of the information assets related to City of Hope business and information systems. The incumbent in this role must have a professional image, the ability to work under pressure, and be able to resolve problems and conflicts. The incumbent takes a technical leadership role in the information security program by contributing to the development of an enterprise wide security risk program, policies and standards, vulnerability life-cycle management and remediation, evaluation of new security technologies, and contributes to security incident and event management. The incumbent takes a leadership role in supporting and assisting with coordination and implementation of all process and technical aspects of the Information Security Program. The incumbent will present technical analysis and measures to executive management. Provide input into new security strategies and trends as well as measure and report on the processes that affect the integrity, functionality, and reliability of the City of Hope's security control framework.
- Ensuring information security performance is monitored on an ongoing basis
- Conducting assessment and analysis on the bank's information security controls
- Assessing the efficiency, relevance, and integrity of collected data
- Identifying control deficiencies byanalyzing and identifyingunderlying root causes
- Designing, implementing, and collaboratingon a range of information security metrics and performance reports
- Assisting stakeholders in identifying, initiating, and tracking corrective actions to address anomalies
- Overseeing monitoring systems and programs used to detect and report security violations
- Maintaining familiarity with industry trends and security best practices
- Contributing to the teams continuous improvement efforts
- Oversee and monitor risk mitigation and coordination of policies, standards and controls with the ISO and Compliance Officer
- Perform data security event correlation between various systems
- Supports the vulnerability life cycle management
- Provide incident response functions when appropriate and coordinate activities with other information technology teams
- Assist with the evaluation of new information security technologies with recommendations to management on the different products.
- Review alerts and data collected from data security systems on a daily basis and report findings
- Contribute to the development of information security policies and procedures designed to meet the changing needs of the City of Hope
- Prepare documentation to support the development of information security policies, standards, guidelines, procedures and awareness training
- Performs special projects as assigned by the CISO
- Internal Contacts: Across all ITS departments, COH business, research and clinical areas, and VP/Director/Managers
- External Contacts: Software/hardware vendors
- Evaluate current information technology systems for information security gaps, identify, and implement remediation solutions
MINIMUM EDUCATION AND EXPERIENCE:
- Bachelor's Degree inManagement/Computer Information Systems (MIS/CIS), Computer/Electrical Engineering, Computer Science or related field
- Seven or more years in a technology related field, with a minimum of 5 years in information security specific experience
- Working knowledge of Information Security tools, practices, policies and processes in a multi-vendor environment with an emphasis on risk analysis, risk assessment and risk management.
- CISSP - Certified Information Systems Security Professional (or within 12months of hire)
PREFERRED EDUCATION / CERTIFICATION:
- CISM Certified Information Security Manager
- CISA Certified Information Systems Auditor
- GISP Information Security Professional
- GSEC Security Essentials Certification
- SSCP- Systems Security Certified Practitioner
- GISF- Information Security Forensics
- Hospital/healthcare industry experience is desirable, but not required
- Strong verbal and written communication skills and clear articulation of complex issue and problem-resolution skills a must.
- Comprehensive understanding of the regulatory environment including HIPAA/HITECH, PCI, Red Flags; and, information security frameworks i.e. NIST, ITIL, FIPS, FISMA, ISO, and Cobit.
- Knowledge of design, implementation, and maintenance of: security incident and event management (SIEM), local area networks and firewalls, Active Directory, group policy objects, scripting, vulnerability scanning, encryption, IDS/IPS, web filtering, LDAP, multi-factor authentication systems, exploits and hacker techniques, and, network and operating system security principles.
- Strong verbal and written communication and organizational skills
- Interpersonal and negotiating skills
- Foster/promote a professional image
- Works well independently or on multiple projects as a project team member
Knowledge of any of the following is desirable:
- Privilege Access Management systems,
- Security Incident and Event Management systems
- Identity and Access Management solutions
- Log monitoring software
- Vulnerability Management tools
- Database vulnerability and monitoring tools
- VMware (virtual machine software)
- Firewall,Encryption software,Anti-malware and anti-virus detection software,VPN Technologies
- Event Collection software,Event Correlation software,
- IIS, HTTPS, SSL, SSH, POP3, DNS, FTP
- Snort, Nmap, Snoop, Tcpdump, Wireshark
City of Hope strongly supports and values the uniqueness of all individuals and promotes a work environment where diversity is embraced. City of Hope is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, or status as a qualified individual with disability.LI-DA | CB-DA ~dice~
Back to top