This position will work as a key member of the Therigy Technology department, reporting to the Director of Development Operations.
- A four-year college degree in Computer Science, Computer Engineering, Information Systems, Cyber Security Engineering, or a STEM-related degree.
- Professional certification, e.g. CISSP, AWS Certified Security Specialist, CISA
- Education and experience relative to the size and scope of the organization.
- At least 2 years of AWS cloud security hardening and reaching compliance objectives
- At least 3 years of information security work as a manager or organizational leader in cyber security
- The ability to work effectively in a health care setting and consensus-driven organization is required, as are demonstrated personnel and information security program management skills.
- Experienced in management of both physical and logical information security systems.
- Outstanding interpersonal and communication skills.
- Ability to weigh business risks and enforce appropriate information security measures.
- Strong infrastructure and application security fundamentals
- Previous experience as an application developer, software engineer, SecOps engineer, DevSecOps engineer, or pen test engineer
- Strong Linux background
- Experience working with software engineers to assess and ensure that best security practices translate into the code written throughout the SDLC
- Experience with previous audits (PCI, HITRUST, FedRAMP)
- Demonstrated effectiveness with consensus building, policy development, and verbal and written communication skills.
- Good understanding of cloud computing with any of the three major providers (AWS, Azure, GCP), preferably AWS.
- Strong analytical and diagnostic skills.
- Current understanding of common web vulnerabilities (OWASP top 10).
- Strong technical skills (application and OS hardening, vulnerability assessments, penetration testing, security audits, TCP/IP, IDS/IPS, firewalls etc.).
- A high level of integrity and trust.
- Knowledge of HIPAA, state and federal guidelines on privacy, transactions and security.
- Working knowledge and understanding of all hardware and software applications applicable to this organization.
- Specific experiences in the health care industry.
- Extensive familiarity with health care relevant legislation and standards for the protection of health information and patient privacy.
- Demonstrated successful project management expertise with audit and compliance objectives.
- Able to communicate about legacy infrastructure security tooling and appliances and compare them to their cloud counterparts.
- Able to collaborate with the infrastructure team and convey security and compliance objectives within their technical tool set.
- Able to work autonomously while maintaining a strong level of focus, proactiveness, and eagerness to learn every technical aspect of the infrastructure, and to contribute hands-on where improvements can be made to the overall state of our security program.
- Ability to provide security briefings to a diverse audience.
- Experience with using machine learning to achieve security objectives.
Responsible for the management and oversight of the information security of Therigy and its customers’ data, including individually protected health information
- Maintains current and appropriate body of knowledge necessary to perform the information security management function.
- Effectively applies information security management knowledge to enhance the security of the open network and associated systems and services.
- Maintains working knowledge of legislative and regulatory initiatives. Interprets and translates requirements for implementation.
- Develops appropriate information security policies, standards, guidelines and procedures.
- Works effectively with the Information Privacy Officer, other information security personnel and the committee process.
- Provides meaningful input, prepares effective presentations and communicates information security objectives.
- Participates in short and long term planning.
- Monitors Information Security Program compliance and effectiveness in coordination with the entity’s other compliance and operational assessment functions.
- Oversees, directs, delivers, or ensures delivery of initial security training and orientation to all employees and contractors, alliances, business associates, and other appropriate third parties.
- Establishes with management and operations a mechanism to track access to protected health information, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity.
- Ensures compliance with security practices and consistent application of sanctions for failure to comply with security policies for all individuals in the organization’s workforce, extended workforce, and for all business associates, in cooperation with Human Resources, the information privacy officer, administration, and legal counsel as applicable.
- Perform ongoing risk assessments and audits to ensure that information systems are adequately protected and meet certification requirements.
- Work with vendors, outside consultants, and other third parties to improve information security within the organization, including via audits and assessments.
- Initiates, facilitates and promotes activities to foster information security awareness within the organization and related entities.
- Serves as the leader of the Risk Management Committee.
- Ensure that the access controls, disaster recovery, business continuity, incident response, and risk management needs of the organization are properly addressed.
- Reviews all system-related information security plans throughout the organization’s network to ensure alignment between security and privacy practices, and acts as a liaison to the information systems department.
- Lead incident response team to contain, investigate, and prevent security breaches, including determining any data breaches. Works effectively with management and external law enforcement to resolve these instances.
- Reviews instances of noncompliance and works effectively and tactfully to correct deficiencies.
- Serves as information security consultant to the organization for all departments and appropriate entities.
- Cooperates with the Office of Civil Rights, other legal entities, and organization officers in any compliance reviews or investigations.
- Works with organization administration, legal counsel, and other related parties to represent the organization’s information security interests with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulation, or standard.
- Certifies that IT systems and cloud infrastructure meet predetermined security requirements.
- Strives to maintain high system integrity and data availability.
- Works hands-on with “Ops” personnel to create and meet security-related KPIs
Responsible for promoting open lines of communications within organization
- Collaborates with other team members as needed or directed.
- Makes recommendations for the improvement of operational and procedural changes.
Responsible for keeping abreast of local, state and federal rules and regulations
Responsible for performing other duties assigned but not limited to the following:
- Stays informed of latest web/internet tools and standards.
- Seeks out new ways of improving technical skills.
- Current duties as outlined in current position job description.
- Special projects as assigned.
- 100% fully paid health and dental insurance for the employee
- Optional dependent coverage available
- Optional vision coverage available
- Company-paid Life Insurance Policy
- Company-paid short-term and long-term disability coverage
- Simple IRA Retirement Savings Plan with match
- Company-contributed HRA and HSA plans
- Up to 22 days Paid Time Off (PTO)
- 7 company-recognized paid holidays
- Flexibility to work from home
- Flexible work schedule, 9-5 EST, 10-6 EST
ADA: The position requires being seated in front of a computer and utilizing a keyboard in excess of eight hours per day. May require lifting in excess of ten (10) pounds.
Therigy is an Equal Opportunity Employer
DWFP / Background Checks Required