IS Principal Information Security Specialist
Our customer is a leading Hospital devoted exclusively to the care of children. Since their start in 1855, they have been the birthplace for countless breakthroughs and dramatic firsts in pediatric medicine. Built on a foundation of delivering safe, high-quality, family-centered care, our customer has fostered medical discoveries and innovations that have improved pediatric healthcare and saved countless children’s lives. Today, families facing complex conditions come to our customer from all over the world, and their compassionate care and innovation has repeatedly earned them a spot on the U.S. News & World Report’s Honor Roll of the nation’s best children’s hospitals.
Our customer is seeking an IS Principal Information Security Specialist for a hybrid, contract-to-hire staffing opportunity. The ideal candidate will have technical information security skills including cloud security, network security, SIEM experience, etc. Experience managing security projects end-to-end is strongly preferred.
• Demonstrates specialized and comprehensive knowledge in Information security management practices, disciplines, regulations, industry standards, related frameworks, project management principles, and methodologies, security engineering concepts, security operations model; industry standards around architecture principles.
• Demonstrates exceptional skills in managing multiple projects and priorities in order to meet strategic goals and timelines.
• Exhibits the ability to plan, manage and implement highly complex enterprise architecture and security implementations, enhancements or modifications that require in-depth knowledge across multiple technical areas and business segments.
• Exhibits exceptional understanding of emerging regulatory and healthcare issues in order to develop internal and external checks and controls to ensure proper governance, security and quality of information assets.
Demonstrates exceptional troubleshooting and collaborative skills required to identify, analyze and resolve complicated security issues.
• Demonstrates advanced proficiency in creating detailed documentation, perform budget planning and oversight, and providing input on our customer’s infrastructure strategic planning, technology standards, and information security and risk practices.
• Exhibits ability to communicate effectively with clients, colleagues, vendors, management and the ability to translate complex technical solutions into non-technical requirements documents.
• Performs planning, development, implementation, and delivery of enterprise architecture and engineering principles for new, existing and future strategic and operational activities.
• Demonstrates the ability to provide technical expertise and consultation to the CIO, CTO, CISO, executive leadership and other business and clinical leaders.
A Principal Information Security Specialist has similar responsibilities to Information Security Specialist III with our customer. However, a Principal Information Security Specialist is deemed to be the subject matter expert and in-house advisor on complex problems and issues.
A Principal Information Security Specialist also:
• Works independently to initiate assignments and draws upon extensive professional knowledge and experience to make independent judgments regarding analysis, evaluation, development, and implementation of enterprise long-term solutions and operating initiatives to ensure that enterprise architectural objectives are aligned with organizational needs and strategic goals.
• Optimizes information management approaches through an understanding of evolving business needs and technology capabilities and ensures that projects do not duplicate functionality or diverge from each other and business and IT strategies.
• Shapes, designs, and plans specific service lines in product area and manages the risks associated with information and IT assets through appropriate standards and security policies.
• Functions as the Subject Matter Expert (SME) to maintain an understanding of our customer’s IS business and clinical applications and the relationship to InfoSec and compliance solutions; assist Hospital stakeholders in understanding information protection needs that support the Hospital’s business.
• Works with other architects to provide a consensus-based enterprise solution that is scalable, adaptable and in synchronization with ever changing business needs and takes ownership of a particular solution offering.
• Works with highly matrixed team of IS personnel to support enterprise architecture and information security operations including, but not limited to, architecture and InfoSec principles around identity & access management models, cloud identify management providers, security information and event monitoring, and data loss prevention, perimeter (e.g. firewalls, IPS, web filtering), cloud and virtualization environments and network security (host-based firewalls, anti-virus, disk encryption).
• Support and/or lead activities around InfoSec standards for business continuity and change management activities (e.g., table tops and change review board) and educates IS Hospital management on security issues (e.g., Identity and Access Management (IAM), Role Based Access Control (RBAC) models.
• Demonstrates comprehensive knowledge and understanding of Information security principles, general and IT controls (e.g., access controls, risk management, change management, cloud security) and related information security policies and procedures.
• Exhibits knowledge of industry regulatory standards and accreditation requirements or control frameworks (HIPAA, PCI, Joint Commission, NIST, Red Flags, ISO 27000 series).
• Comprehensive knowledge of information security regulations, standards and leading practices, including understanding of EHR, cloud frameworks, identity access controls.
Good knowledge of basic database query techniques & data mining to analyze data or other related database functionality.
• Knowledge of Microsoft Active Directory, UNIX, and Clinical Applications a plus.
• Experience implementing application-level security in clinical and financial systems (e.g., Epic, Lawson). ERP experience a plus.
• General understanding of networking and communication techniques including WANs, LANs, Internet, Intranet, protocols, such as TCP/IP and their impact on security.
• Experience with Microsoft, UNIX, Lawson, and Clinical Applications,
Experience with industry standard SDLC methodologies; hands-on experience in Project Server methodologies, PMO project management skills, including use of MS productivity tools (Access, Word, PowerPoint, Visio, Project).
• Experience with risk management frameworks.
Information Security Requirements:
• Understand and comply with all enterprise and IS departmental information security policies, procedures and standards.
• Support the integration of information security in the development, design, and implementation of Hospital Technology Resources that process, transmit, or store our customer’s information.
• Support all compliance activities related to state, federal regulatory requirements, healthcare accreditation standards, and all other applicable regulations that govern the use and disclosure of patient, financial, or other confidential information.
• At least twelve (12) years industry related experience, including experience in one to two IT disciplines (such as technical architecture, network management, application development, middleware, information analysis, database management or operations) in a multitier environment.
• At least six (6) years of experience with information security, regulatory compliance and risk management concepts.
• At least three (3) years of experience with Identity and Access Management, user provisioning, Role Based Access Control, or control self-assessment methodologies and security awareness training.
• Experience with Cloud and/or Virtualization technologies.
• At least three (3) years in working with matrixed high-performance teams.
Candidates must be COVID vaccinated.
Education: BS degree in Comp Sci, Information Systems, or a related field is required.