What are the responsibilities and job description for the Security Engineer position at AHMC Healthcare?
Overview
POSITION SUMMARYThe Security Engineer is responsible for designing, recommending and implementing enterprise-wide strategies and solutions addressing overall IT application/systems security, associated regulatory compliance and general systems availability. Applying technical expertise as it applies to server and systems hardware, operating systems, and general data center operations, the Security Engineer actively monitors and assists with ensuring systems are kept up to date and works with other team members to implement mitigations. The Security Engineer stays abreast of information technology developments, provides opinions on emerging technologies, and aids in practically adopting technology and incorporating it into existing systems and procedures.
Responsibilities
ESSENTIAL JOB FUNCTIONS• Researches, recommends, and implements solutions addressing IT Security and Compliance to include: remote access, e-mail security, identity management, wireless, device, encryption, server configuration, operating system configurations, network, and firewall.• Review٫ develop and implement security measures for the protection of computer systems٫ networks and information• Configure and troubleshoot security infrastructure devices• Create technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks• Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends.• Responds to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement.• Maintains consultative expertise and competence in method used to establish IT systems and application security, including mandated regulatory compliance.• Architects, designs, implements, maintains and operates information system security controls and countermeasures.• Analyzes and recommends security controls and procedures in acquisition, development, and change management lifecycle of information systems, and monitors for compliance.• Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets, and monitors for compliance.• Analyzes trends, news and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk.• Performs risk and compliance self-assessments, and engages and coordinates third-party risk and compliance assessments.• Analyzes and develops information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information systems.• Develops and administers, or provides advice, evaluation, and oversight for, information security training and awareness programs.• Administers authentication and access controls, including provisioning, changes, and offboarding of user and system accounts, security/access roles, and access permissions to information assets.• Excellent time management and organizational skills, and ability to handle multiple concurrent tasks and projects with minimal supervision.• Participates in the analysis of Information Technology options to meet research and educational needs• Maintain a high level of employee morale within the team.• Maintain and enhance cooperative interdepartmental and vendor relationships and communications.• Attends and participates in meetings, committees, and training sessions as directed by Director of Information Technology.• Assist with disaster recovery planning and testing• Ability to work a flexible schedule and second tier on call.• Maintains confidentiality at all times and complies with HIPAA and security compliance guidelines at all times.• Perform additional duties as assigned.
Qualifications
TRAINING/EXPERIENCE• Must have the ability to speak, interpret and follow verbal and written instructions in English• Minimum of 3 years’ experience building and maintaining security systems, including firewalls٫ intrusion detection systems٫ anti-virus software٫ authentication systems٫ log management٫ content filtering٫ etc• Good experience with network security and networking technologies and with system٫ security٫ and network monitoring tools• In-depth knowledge of database and operating system security• Good familiarity of the latest security principles٫ techniques٫ and protocols• Understanding of Web related technologies٫ including applications٫ services٫ Service Oriented Architectures٫ networking protocols and so on• Strong problem solving skills and ability to work under pressure• Keep up to date on the latest technologies and certificates• Good communication skills, both written and verbal• Healthcare experience preferred
EDUCATION/CERTIFICATION/LICENSE• Advanced degree or equivalent in Information Discipline, MCSE, or related IT Experience.
Hospital Description
AHMC provides management services to AHMC Anaheim Regional Medical Center with 223 beds, Garfield Medical Center with 211 beds, Greater El Monte Community Hospital with 115 beds, Monterey Park Hospital with 102 beds, San Gabriel Valley Medical Center with 273 beds, and Whittier Hospital Medical Center with 172 beds. The facilities are Medicare and Medi-Cal certified and accredited by the Joint Commission on Accreditation of Healthcare Organizations. The hospitals provide healthcare services reimbursed by Medicare, Medi-Cal, traditional insurance plans, PPO, HMO and under capitated arrangements.
