What are the responsibilities and job description for the Information Security Principal Engineer position at IntePros?
IntePros is seeking a highly skilled Information Security Principal Engineer to join our industry-leading healthcare client in Philadelphia, PA. This is a remote role, but local candidates are preferred because periodic onsite visits may be needed. The ideal candidate will have a deep understanding of information security frameworks, regulatory requirements, security engineering principles, and emerging industry trends. This role requires exceptional problem-solving skills, the ability to manage multiple projects, and the capability to communicate complex security concepts to both technical and non-technical stakeholders.
Key Responsibilities
- Serve as an expert and advisor on complex security issues, providing technical leadership and guidance to cross-functional teams.
- Develop, implement, and oversee enterprise security architecture strategies to align with organizational goals and industry best practices.
- Lead the planning and execution of security implementations, enhancements, and modifications across diverse technical domains.
- Ensure compliance with regulatory and healthcare security requirements, developing governance frameworks and risk controls.
- Identify, analyze, and resolve intricate security challenges, optimizing information management strategies and mitigating risks.
- Collaborate with executive leadership, including the CIO, CTO, and CISO, to provide security insights and recommendations.
- Provide technical expertise in areas such as identity and access management, cloud security, data loss prevention, security event monitoring, and network security.
- Oversee security initiatives related to business continuity, change management, and compliance policies.
- Work closely with Managed Security Service Providers (MSSPs) and cloud providers to enhance security capabilities and governance.
- Develop and maintain comprehensive security documentation, strategic plans, and technology roadmaps.
- Technical, hands-on experience with information security project implementations.
- Technical experience with security logging and security monitoring technology (e.g., security incident & event management technology, managed detection and response technology). Microsoft technology experience a plus.
- Experience working with Managed Security Service Providers (MSSPs) and Cloud providers.
- Experience with managing governance over security initiatives, such as security logging governance.
- Able to work independently and draw upon extensive professional knowledge and experience to make independent judgments regarding analysis, evaluation, development, and implementation of enterprise long-term solutions and operating initiatives.
- Excellent communication and documentation skills a must.
- Demonstrates comprehensive knowledge and understanding of information security principles, general and IT controls (e.g., access controls, risk management, change management, cloud security) and related information security policies and procedures.
- Exhibits knowledge of industry regulatory standards and accreditation requirements or control frameworks (HIPAA, PCI, Joint Commission, NIST, Red Flags, ISO 27000 series).
- Comprehensive knowledge of information security regulations, standards, and leading practices, including understanding of EHR, cloud frameworks, and identity access controls.
- Good knowledge of basic database query techniques & data mining to analyze data or other related database functionality.
- Knowledge of Microsoft Active Directory, UNIX, and Clinical Applications a plus.
- Experience implementing application-level security in clinical and financial systems (e.g., Epic, Lawson). ERP experience a plus.
- General understanding of networking and communication techniques including WANs, LANs, Internet, Intranet, protocols, such as TCP/IP and their impact on security.
- Experience with industry-standard SDLC methodologies; hands-on experience in Project Server methodologies, PMO project management skills, including use of MS productivity tools (Access, Word, PowerPoint, Visio, Project).
- Experience with risk management frameworks.
- Understand and comply with all enterprise and IS departmental information security policies, procedures, and standards.
- Support the integration of information security in the development, design, and implementation of Hospital Technology Resources that process, transmit, or store client information.
- Support all compliance activities related to state, federal regulatory requirements, healthcare accreditation standards, and all other applicable regulations that govern the use and disclosure of patient, financial, or other confidential information.
- Bachelor's Degree
- Bachelor's Degree in Computer Science, Information Systems, or related field
- At least twelve (12) years industry-related experience, including experience in one to two IT disciplines (such as technical architecture, network management, application development, middleware, information analysis, database management, or operations) in a multitier environment.
- At least six (6) years experience with information security, regulatory compliance, and risk management concepts.
- At least three (3) years experience with Identity and Access Management, user provisioning, Role Based Access Control, or control self-assessment methodologies and security awareness training.
- Experience with Cloud and/or Virtualization technologies.