IT Security Engineer Incident Response
DRG Professional Services is partnered with Oklahoma's premier academic healthcare institution offering unsurpassed care, teaching, research, and technology. This "Not For Profit" hospital is beginning its Magnet journey and currently experiencing phenomenal growth.
- Industry Leading Benefit Plan: The hospital offers a comprehensive benefits package, including PTO, 401(k) with match, medical and dental plans, but offerings go beyond traditional packages to include; Empower + Wellbeing programs, Childcare assistance, adoption assistance, financial support for continuing education, tuition reimbursement, and many others.
- Professional Growth: This hospital provides numerous ways to grow and learn. In addition to tuition reimbursement and continuing education, there are opportunities for professional growth through formal classroom training, online programs, and blended learning experiences in leadership development and job-specific development.
- Sign on bonus / relocation package eligibility
The IT Security Engineer - Cyber Security (Incident Response) is responsible for assisting in the design, implementation, and support of various risk-based activities and IT security technologies and solutions for the health institution, remote clinics, and office buildings. This position will manage data collection, reporting, and trending for all critical systems components and services, and will require collaboration with other technical resources in the health institution to assess and take authorized action on anticipated improvements. The IT Security Engineer - Cyber Security (Incident Response) assists in the diagnosis and resolution of the most complex platform incidents and requests that require research and diagnosis and recommends process changes that improve the implementation, maintenance, and support of systems security. This position actively participates in strategic planning and 24x7 on-call support with other members of the IT staff.
The IT Security Engineer - Cyber Security (Incident Response) assists security engineering, architecture, and leadership, coordination, and communication for projects involving security solutions. This includes, but may not be limited to, assisting in the design, implementation, and deployment of various security technologies within the enterprise. This position is responsible for defining the scope of various projects, ensuring that all deliverables are met, and adhering to and supporting IT policies and procedures.
This position is responsible for achieving alignment and continuity between enterprise, business, and IT strategies, leveraging existing security investments, and providing scalable options as business requirements necessitate a need for change. This requires the IT Security Engineer - Cyber Security (Incident Response) to keep abreast of the latest security and risk management technologies, services, and components, actively facilitate communication between the business and IT, and provide coordination to a team of resources assigned to accomplish specific technical tasks.
The responsibilities listed in this section are core to the position. Inability to perform these responsibilities with or without accommodation may result in disqualification from the position.
- Provide local leadership, subject matter knowledge, coordination, and communication for projects involving cyber security and information risk, including defining the scope and ensuring deliverables are met.
- Ensure alignment and continuity between enterprise, business, and IT strategies.
- Create business case proposals, analysis of technologies, financials, and proposed project plans.
- Create RFPs, conducts reviews/assessments, and make vendor recommendations.
- Perform contract reviews and ensure risks are mitigated.
- Assist in the design, implementation, monitoring, and support of the hardware and software related to the cyber security and information risk program.
- Assist and lead various security assessments and control reviews.
- Identify gaps to security protocol in existing architecture.
- Security awareness training.
- Participate in strategic planning; creation and maintenance of standards, policies, and procedures.
- Manage data collection, reporting, and trending for critical risk and security devices and components.
- Proactively address a change in business requirements by leveraging existing risk and security investments.
- Provide 24x7 on-call support based on IT staff rotation and carries a phone as warranted, to assist with the most complex troubleshooting, coordination, escalation, and resolution of risk and security-based incidents, equipment failures, etc...
- Assist in building technology operational models and workflows for the business.
- Assist in strategic contingency planning from a security and risk perspective.
- Provide vendor management, service level definition, and service level management for vendors of risk and security technologies and/or services.
- Coordinate and participate in regular business meetings and workshops with technical staff to ensure timely transfer of knowledge, which affects security architecture and security policies.
- Participate in meetings, committees, and continuing education to improve individual, departmental and organizational performance.
- Aid and train users on the proper use of technology.
- Adhere to and support the health institutions' IT standards, policies, and procedures.
- Maintain and protect confidentiality with regard to all aspects of patient care and employee information.
- Adheres to Code of Conduct and Mission & Value Statement.
- Performs other duties as assigned
- Bachelor’s degree in computer science or information technology-related subject is preferred.
- Four plus (4+) years experience with complex system and security technologies and/or 4+ information risk experience.
- Solid experience managing multiple high-risk projects, including projects involving external vendors and multiple business areas in the health care information field.
- Multiple entity experience is preferred.
- Demonstrated expertise in creating and maintaining project deliverables such as project charter, project plan, status reports, project timesheets, estimates, communication plan, change control reporting, risk management plan, technical release management plan, budget (work hours and cost), milestone/deliverable
- CISSP or GSEC or CISM preferred or obtained within 2 years.
- Current or previously held vendor, security, systems, architect, project, audit, or network certifications preferred examples include; Cisco security, Microsoft Security, CCNP, CCNA, MCSE, CISM, CISA, CEH etc.
- Valid state driver’s license, proof of auto insurance, and reliable personal transportation capable of transporting both employee and standard work equipment
Knowledge, Skills, and Abilities:
- Strong technical competencies in the following:
- Knowledge of supported operating systems (Windows server and VMware ESX) network technology (Route, Switch, Firewall, VPN), utilities, vendor products, applicable programming languages and scripting, diagnostic techniques, applicable communications protocols, applicable hardware configurations
- Must have some experience in deploying technically complex infrastructure computing solutions across platforms and components.
- Must have security regulation and security framework knowledge. Examples include HIPAA, HITECH, HITRUST, NIST, ISO, and COBIT.
- Must be able to demonstrate knowledge of the following topics: firewall management, content filtering, IDS/IPS management, DLP, Identity management, and cloud security management.
- Ability to work with IT technical resources and understand their requirements is necessary.
- Leadership skills to establish and maintain business relations with technical resources, customers, business partners, vendors, and other IT personnel
- Change Management - High tolerance for Change
- Political Judgment - Involves all relevant stakeholders in major decisions; Strong facilitation skills; Utilizes approaches that foster ownership and minimize resistance
- Hands-on Approach - Acts as a role model for other technical resources; maintains subject matter depth and breadth; knowledgeable of current issues
- Makes decisions that are in the best interests of the business without succumbing to pressures
- Is available and accessible; Maintains a positive attitude
- Organization - Proactively prioritizes needs; Effectively manages resources
- Communication - Communicates complicated technical scenarios in common terms; Communicates clearly across a wide audience (oral and written communications)
- Customer Orientation - Establishes and maintains long-term customer relationships, builds trust and is respected by consistently meeting or exceeding expectations
- Motivate and challenge technical resources
- Problem Management
- Project Management
The Company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, genetic information, or any other characteristic protected by law.