Senior Information Security Engineer

ModMed is hiring a driven Senior Security Engineer who will play a critical role in driving the security engineering program by serving as both a subject matter expert and a key liaison between security and the business. This role is responsible for providing technical leadership in securing applications and infrastructure, helping teams implement best practices, and ensuring security requirements align with business objectives. Additionally, the engineer will contribute to program management efforts, track key security metrics, and support continuous improvement initiatives to enhance the organization’s security posture This is an exciting opportunity within a fast-paced Healthcare IT company that is truly Modernizing Medicine!

Your Role:

• Collaborate with System Owners, the CISA, Information System Architects and System ISSOs to create, refine, and implement technical requirements 
• Ownership of Security Engineering Program Management and metrics.  
• Lead and mentor Information Security team members, including technical members of the existing team and one or more mid-level ISSO liaisons in the future, in the execution of the duties of an ISSO Liaison.
• Responsible for facilitating the identification of new controls to be implemented and, in some cases, leading the implementation process
• Responsible for making tactical decisions related to the prioritization and implementation of new controls and measures designed to close control gaps.  

Skills & Requirements:

• Minimum of 7 years’ experience in IT Security field
• Minimum of 5 years’ experience as an Information Systems Security Officer or similar role
• Ability to create, implement and maintain security plans for information systems and mentor both security team members and risk constituents in the practical application of NIST 800-18 Guide for Developing Security Plans for Federal Information Systems, the NIST Cyber Security Framework or similar industry standards
• Highly capable of practical application and mentoring others in the practical application of the NIST 800-53 Security and Privacy Controls for Information Systems
• Strong project management skills with significant experience in facilitating the selection and implementing information system controls; Plan of Action and Milestone Completion and oversight of ongoing activities related to system security plans such as ensuring that risk assessments, Information System Contingency Plans, Disaster Recovery tests and other plan activities are performed.
• Expert in facilitating and advising ISSOs in the execution of their job functions in a matrixed organization
• Ability to effectively translate policies into technical requirements and back again

#LI#LA1