Primary City/State: Phoenix, Arizona
Department Name: IT Threat & Vulnerability Mgmt
Work Shift: Day
Job Category: Information Technology
POSITION SUMMARY
Responsible for planning and organizing the day-to-day management of information technology security projects and applications. Incumbent participates in the development and implementation of information technology strategies to achieve desired outcomes for I.T. security. Incumbent is expected to work with management across diverse areas and multiple locations to pursue system-wide solutions and approaches. Serves as a member of an Incident Response Team (IRT) and responds to emergency calls during non-business hours, as needed. This position requires project participation, leads small projects, performs problem resolution, conducts incident support, and monitors Security Operations Center (SOC) communications. Performs all functions according to established policies, procedures, regulatory and accreditation requirements, as well as applicable professional standards.
CORE FUNCTIONS
1. Leads and manages projects for company-wide IT security system implementations. Conducts meetings with appropriate department representatives, coordinates security requirements and installations with vendors and partners, and prioritizes security updates according to established production requirements.
2. Implements and maintains information security programs for the protection of critical corporate information assets. Evaluates and recommends new information security technologies and new countermeasures against threats to information and/or privacy. Monitors and evaluates information security systems and processes implemented throughout the organization, works to reduce risks to corporate computing resources, and investigates information security exposures, incidents, and breaches.
3. Establishes and documents information security programs and procedures to support commitment to exceptional network security standards including HIPAA, PCI and other initiatives. Provides security education and training to employees through new employee orientation classes and periodic distribution of educational material by means of email, company newsletter, and department discussions.
4. Performs complex security analysis and design, project planning, control, and implementation. Ensures all appropriate parties are informed of plans, progress, and status. May manage a project team from a technical perspective. Analyzes the company information security posture, identifies measures to be met by any new or modified system, and defines the implementation process for the secure system.
5. Participates in information security response and provides audit/compliance and forensic activities for the company, as needed. Works with HR to investigate possible misuse of company computer resources by employees.
6. Conducts security reviews, evaluations, and risk assessments, and develops recommendations as appropriate. Develops and maintains the technical system, network and application information security baselines and standards.
KNOWLEDGE, SKILLS AND ABILITIES
- Applies professional experience and judgment as a guide to planning and action
- Uses expertise to refine goals, plans and actions
- Holistic, systems approach to solutioning and problem solving
- Acknowledged competency and ability to guide change
- Actively engages incident management, root cause analysis and change control process
- Creates documentation and updates appropriate Knowledge Bases
- Strong verbal/written communication skills
- Excellent interpersonal skills
- Troubleshooting and complex problem-solving ability
- Good judgement and decision-making ability
- Effective time management skills
- Project management and organizational skills
MINIMUM QUALIFICATIONS
- Associate degree in business, computer science or related field.
- 3 years of relevant experience in any combination of IT, Information Security, Compliance, or Risk Management.
- Certification in one of the following areas: Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP), HealthCare Information Security & Privacy Practitioner (HCISPP), Payment Card Industry - Internal Security Assessor (PCI-ISA), CompTIA Security+, HIPAA Security, Information Security Technology Fundamentals, Internet Security or ITAA Information Security Awareness.
- Expert level knowledge of current network architecture & IT Security.
- Strong verbal/written communication skills.
- Excellent interpersonal skills.
- Troubleshooting and complex problem-solving abilities.
- Sound judgement and decision-making skills.
- Efficient time management skills.
- Excellent project management and organizational skills.
- Minimum age requirement of 18
- Demonstrated ability using Business and enterprise application server technologies.
- Demonstrated ability performing system evaluation, operations monitoring and analysis.
PREFERRED QUALIFICATIONS
- Experience in the Laboratory or Healthcare Industry, and with PHI (protected health information).
- Demonstrated familiarity with six-sigma concepts.
- IT Security Certification (CISSP or similar).
- PCI-DSS Internal Security Assessor
- (ISC)2 HCISPP
- (ISC)2 Systems Security Certified Practitioner
- (ISC)2 Security Assessment and Authorization Certification (CAP)
- Additional related education and/or experience.
EEO Statement: EEO/Female/Minority/Disability/Veterans
Our organization supports a drug-free work environment.