Lead Information Security Engineer

Addison Group - Washington, DC


HireStrategy’s client is seeking a Lead (Techno/Functional) Information Security Engineer.

Under limited supervision by the Director of Technology and the Chief Information Security Officer, the Information Security Engineer will be responsible for the cyber-defense function.
Contribute to the selection, deployment, and operation of cyber-defense technologies, including firewalls, monitoring tools, malware detection, and log analysis tools across the organization.
Be an expert in the adoption of cyber-security frameworks (e.g., NIST, HITRUST, FISMA, and ISO) and regulations specific to healthcare (e.g., HIPAA and HITECH).
Contribute to enterprise policies related to data use, network access, and appropriate use of computer equipment.

Minimum Requirements:
B.S. in Computer Engineering, Computer Science, or other similar area
At least two (2) years of experience in managing information security for a complex organization.
Knowledge of healthcare security and privacy regulations (HIPAA/HITECH) AND / OR advanced knowledge of at least one information security framework (e.g., NIST, HITRUST, FISMA, ISO).
Certified Information Security System Professional (CISSP) certification and Healthcare experience are major pluses.

Conduct cyber security audits, penetration tests, and investigations of cyber-security incidents.
Responsible for coordinating cyber threat mitigation activities, security breach detection, containment, and restoration activities and contribute to the organization’s disaster response plan.
Develop and disseminate information security awareness training materials and develop and deliver classroom training for employees.
Provide front-line response to detection systems and alarms
Investigate malware, targeted attacks, intrusion attempts, and vulnerabilities
Drive continuous improvement of response capabilities through automation and critical thinking
Participate in the development, documentation, implementation, and evaluation of security policies, guidance, and procedures

Organizational Expectations:
Adheres to the requirements of the HIPAA Privacy Policies and Procedures. Maintains confidentiality of patients, families, and staff.