MedData is currently seeking a Manager of IT Security & Risk Management. This is a unique opportunity to join our Security Services Team and participate in establishing and maintaining a corporate-wide information technology security and risk management program to ensure that IT & IS related risks are identified, inventoried, tracked, and addressed based on risk and company priority. An up-to-date understanding of the latest IT Security related risks, threats, and trends as well as an understanding of security best practice options to address these items is essential. Ability to assist in oversight and execution of the Company's IT/IS related audits, risk assessments, testing, and monitoring efforts to ensure compliance with regulatory requirements and internal policies is needed. Experience with security solution implementations and management in an enterprise environment is important.
- Manages and matures information technology and information security risk management processes, programs and strategies.
- Aligns information technology/information security risk management and control activities as appropriate with NIST, HITRUST, HIPAA, SOC 1, SOC 2, PCI, HL7, and guidance/requirements and internal governing enterprise risk management policies.
- Identifies technology gaps and deficiencies by conducting risk assessments; recommends corrective actions of identified control weaknesses.
- Leads the planning, testing, tracking, remediation, and risk acceptance for identified technology and security risks.
- Ensures adequate compliance resources and training, fostering a risk and compliance focused culture and optimizing relations with corporate compliance members and regulators. Escalates pertinent findings in a timely manner.
- Directs the activities of staff in accomplishing corporate business objectives. Sets priorities, provides guidance, secures resources, interfaces with peers and senior leadership and communicates effectively at all levels.
- Builds and maintains high-performance teams within the risk organization to successfully address risk identification, assessment, measurement, mitigation, aggregation and reporting.
- Ensures enterprise due-diligence activities including monitoring, metrics and KRIs to evaluate effectiveness of the enterprise information technology and information security programs, risks and established controls.
- Manages issue management activities and monitors remediation plans. Ensures the clear and professional documentation of root cause and risk analysis of all findings. Reviews and manages action plans for issue resolution.
- Provides oversight as information technology and information security GRC subject matter expert to business areas, project teams and vendors to apply and execute appropriate application of controls in compliance with policies and standards.
- Collaborate with cross-functional stakeholders (e.g., leaders within IT, Legal, Audit, Compliance, HR, ERM, etc.) to help develop consistent processes for identifying, developing, and implementing controls to address information technology and information security risks.
- Leverage Subject Matter Experts for regulatory requirement guidance and training.
- Emerging Risks - Continually works to enhance breadth and depth of knowledge and experience.
- Ability to explain highly technical Cybersecurity concepts in a way executives and non-technical staff can understand.
- Requires advanced technical and troubleshooting skills based upon extensive knowledge of Microsoft server operating systems, TCP/IP, server-class hardware and network applications.
- Requires familiarity with Microsoft Exchange, Microsoft Active Directory, enterprise-level antivirus, audit functions/logging and disaster recovery/business continuity.
- Specific experience with the implementation and management of security tools, including:
  - Intrusion detection/prevention tools
  - Endpoint security tools (Symantec, Cylance, etc.)
  - Malware remediation tools (Malwarebytes, etc.)
  - Vulnerability scanners (Qualys, Nessus, Nexpose, etc.)
  - Log aggregation/management tools (Splunk, SolarWinds, Logstash, etc.)
- Self-initiative to conduct research to analyze security products and recommend use of new products and services to management.
- Ensure proper protection or corrective measures are immediately taken when an incident or vulnerability is discovered within a system.
- Provide special consideration to intrusion detection, finding and fixing unprotected vulnerabilities, and ensuring that remote access points are secure.
- Provide potential solutions to security systems that have been identified as security risks along with modification details.
- Manage existing security solutions, including firewalls, anti-virus, and intrusion detection systems.
- Bachelor's degree in Computer Science or related field or equivalent experience is required.
- Minimum of 5 years of equivalent work experience is required.
- CEH – Certified Ethical Hacker.
- CISSP – Certified Information Systems Security Professional.
- CISM – Certified Information Security Manager.
- Hands-on hardware/software troubleshooting experience is required.
- Experience working in a team-oriented, collaborative environment is required.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is frequently required to sit; use hands to finger, handle, or feel; and reach with hands and arms. The employee is occasionally required to stand and walk and must occasionally lift and/or move up to 25 pounds.
The duties listed above are intended only as illustrations of the various types of work that may be performed. The omission of specific statements of duties does not exclude them from the position if the work is similar, related, or a logical assignment to the position.
This job description is to serve as a guide, but in no way is it to be considered a comprehensive list of tasks, duties and responsibilities that will be required of the employee.
To join our team of 2,000 employees and growing, please apply directly to this posting.
MedData is an equal opportunity employer.