We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
#alert
Back to search results

Information Security Engineer

Mercy Health Corporation
United States, Wisconsin, Janesville
Nov 19, 2024
Overview

  • 3+ years of relevant work experience in Security Engineering, network security devices, security practices, or infrastructure security in a regulated environment.
  • 2+ years of experience working in at least one of the following regulatory settings: ISO 27001, SOX, HIPAA, HITECH, CLIA, CAP.
  • Authorization to work in the United States without sponsorship.

Experience a rewarding and fulfilling career with Mercyhealth. Mercyhealth is committed to offering our partners a best place to work. Our unique workplace Culture of Excellence is built upon:

  • Employee engagement, empowerment and growth
  • Teamwork toward our common goal - providing exceptional health care services with a passion for making lives better
  • An atmosphere of caring and quality that cascades throughout the organization

The Information Security Engineer role will be responsible for supporting the operational security function to maintain the confidentiality, integrity, and availability of Mercyhealth's digital assets. A hands-on technical specialist, the Information Security Engineer handles the complex and detailed technical work necessary to foster and enhance a robust, in-depth security posture


Responsibilities

ESSENTIAL DUTIES AND RESPONSIBILITIES

  • Serve as a champion for effective information security processes and behaviors across the enterprise.
  • Monitor, investigate and mitigate information security alerts generated throughout the information security solution stack (i.e., MDR, CRI, XDR).
  • Provide technical assistance with the set-up and proper management of systems that support the Mercyhealth information security posture; including, but not limited to, malware detection systems, spyware and adware detection systems, and spam filtering systems.
  • Evaluate bug reports, security exploit reports, and other security notices issued by vendors, manufacturers, government agencies, professional associations, and other organizations as needed, make recommendations to internal management and technical resources to take precaution steps and track remediation.
  • Review penetration test and vulnerability scan results, develop prioritized mitigation plans and track execution of effective mitigation measures.
  • Assist in fulfilling evidence requests in response to regulatory compliance audits (i.e., SOC, HIPAA/HITECH).
  • Evaluate acquired or developed systems and architectures to ensure alignment with Mercyhealth's information security requirements.
  • Perform security reviews, identify gaps in security architecture, and develop a security risk mitigation plan.
  • Identify and develop content to support the information security awareness and training program.
  • Evaluate information systems and networks to determine the protections needed (i.e., security controls).
  • Serve as a technical consultant on information security investigations and forensic technical analysis.
  • Serve as an active, supporting role to the Security Incident Response Team (SIRT) and participate in security incident response efforts.

EDUCATION and EXPERIENCE

  • Bachelor's degree in computer science, information systems, or field related to essential duties of the job or related field; or high school degree/general education diploma and 4 years of relevant experience in lieu of bachelor's degree.
  • 3+ years of relevant work experience in Security Engineering, network security devices, security practices, or infrastructure security in a regulated environment.
  • 2+ years of experience working in at least one of the following regulatory settings: ISO 27001, SOX, HIPAA, HITECH, CLIA, CAP.
  • In-depth knowledge of common security exploits, vulnerabilities, and countermeasures.
  • Demonstrated ability to perform the Essential Duties of the position with or without accommodation.
  • Authorization to work in the United States without sponsorship.

CERTIFICATION/LICENSURE

Information security or cyber security certification(s) is preferred.

ADDITIONAL REQUIREMENTS

Passing the Driver's License Check and/or Credit Check (for those positions requiring).

Must be able to follow written/oral instructions.

OTHER SKILLS AND ABILITIES

  • Demonstrates a sense of urgency and a commitment to high standards of ethics, regulatory compliance, customer service and business integrity.
  • Hands-on experience with SIEM implementation and administration.
  • Information security in a public/private cloud infrastructure (Azure, AWS) environment.
  • Completion or coursework toward information security certifications.

INFORMATION ACCESS

Partner may access patient care information, financial data, human resource data and strategic and planning data needed to perform their job duties as directed by the director.

WORK CONTACT GROUP

Partners, physicians, vendors

SPECIAL PHYSICAL DEMANDS

The Special Physical Demands are considered Essential Job Functions of the position with or without reasonable accommodations. While performing the duties of this job, the partner is regularly required to sit and use hands to finger, handle or feel. The partner is occasionally required to stand, walk, or reach with hands and arms; climb or balance and stoop, kneel, crouch, or crawl. The partner must occasionally lift and or move up to 25 pounds. Specific vision abilities required by this job include close vision and color vision.

LEVEL OF SUPERVISION

Requires minimal level of supervision.

Applied = 0

(web-5584d87848-9vqxv)