The Information Security Engineer assists with day-to-day information security operations and helps implement the Information Security Strategic Plan to enforce HIPAA and PCI compliance. Responsibilities include managing, monitoring and maintaining information security devices such as encryption technology, Intrusion Prevention System (IPS), threat detection tools, SIEM tools and web content filtering technology. Analyzes and creates reports based on information gathered from security technology and reports to the CISO on a daily basis. Performs detailed information security assessments on Harris Health System information systems to ensure compliance with federal and state regulations. These information security assessments will include but are not limited to application reviews, access controls, network reviews, and regulatory and other compliance reviews. Assists with e-discovery, forensic and internal penetration testing. Other information security duties as assigned.
MINIMUM QUALIFICATIONS: Education/Specialized Training/Licensure: Four (4) year degree in a technology-related field or equivalent work experience. Knowledge of HIPAA Security Rule, HITECH, Payment Card Industry (PCI), NIST standards, SANS Top 20, ISO 27000 series, investigating and documenting incidents, and compliance (required). CEH, GIAC certifications, Cisco security certification, or CISSP or CISM highly desirable or must be obtained within 6 months of accepting position. Specific vendor security certification can be considered.
Five (5) years related industry experience (clinical or business).
Four (4) years in security and technical roles.
Ability to evaluate and review a range of information systems and applications, which may include but are not limited to EnCase, FireEye, Cisco Firewall/IPS, Check Point Pointsec, Rapid7 Nexpose, Metasploit, MobileIron, Proofpoint, Imperva DAM/DBF, QRadar, Radware, SIEM, Sourcefire, Websense WSGA/DLP.
SPECIAL REQUIREMENTS: Communication Skills: Above Average Verbal (Heavy Public Contact) Exceptional Verbal (e.g., Public Speaking) Languages: Writing/Composing (Correspondence/Reports) Other Skills: Analytical, PC and Word Proc
TYPICAL DUTIES THAT MAY BE PERFORMED
1. Projects: Execute projects that are consistent with defined deliverables, schedule and budgetary requirements. Projects such as:
   a. User Provisioning
   b. Access Control
   c. Risk Management
   d. Continuous Monitoring of Security Environment
   e. Security Operations
   f. Encryption Technology
   g. Other Security Related Projects as Assigned
2. Communications/Interpersonal Skills:
   a. Demonstrate professional written, verbal and presentation communication skills in all aspects of the position.
   b. Ensure frequent and open communications with all customers.
   c. Work harmoniously with staff and communicate verbally in a pleasant manner.
   d. Maintain emotional control and diplomacy during interactions.
3. Career/Staff Development
   a. Attend all Harris Health mandatory in-services.
   b. Participate in staff development programs and attend meetings when expected.
   c. Seek additional training to keep skills consistent with tools used by department (internal/external).
   d. Attend conferences and professional association meetings.
4. Auditing
   a. Monitor compliance with federal, state and local laws.
   b. Identify limitations with existing security infrastructure.
   c. Conduct operational, compliance and investigative audits.
   d. Follow up on audit findings to ensure management has taken corrective action.
   e. Perform review of internal control procedures and security for systems under development or enhancements to existing systems.
   f. Evaluate information system malware, security exploitation reports, etc.
   g. Ensure frequent and effective communications with management and other staff regarding security related initiatives and incidents.
   h. Other security auditing tasks as assigned
5. Security Operations
   a. Security incident response, reporting and investigations
   b. Monitor computing resources for evidence of compromise
   c. Assist with forensic investigations when necessary
   d. Maintain and update security documentation, including diagrams and standards
   e. HR/Corporate Compliance security investigation support
   f. Ensure systems are properly protected from malware; monitor for cyber threats
   g. Check for unauthorized wireless devices
   h. Spam review
   i. Process Help Desk tickets related to information security incidents
   j. Other security related tasks as assigned
The Harris Health System is a fully integrated healthcare system that cares for all residents of Harris County, Texas. We are the first accredited healthcare institution in Harris County to be designated by the National Committee for Quality Assurance as a Patient-Centered Medical Home, and are one of the largest systems in the country to achieve the quality standard. Our system includes 23 community health centers, five school-based clinics, a dental center and dialysis center, mobile health units, a rehabilitation and specialty hospital and two full-service hospitals.
Ben Taub Hospital is a world-renowned Level I Trauma Center with 586 licensed acute-care beds and provides a wide range of specialty care outpatient services. Lyndon B. Johnson Hospital is a 328 licensed bed acute-care hospital with a newly expanded Level III trauma center and a distinguished regional center for neonatal intensive care for high-risk deliveries.
Harris Health is a teaching system for Baylor College of Medicine and The University of Texas Health Science Center at Houston (UTHealth). We train the next generation of healthcare providers on the latest medical procedures and technological breakthroughs.
With our fully integrated electronic medical records system, we offer patients the convenience and assurance that their medical history is accurate, safe and available when and where it is needed. Our Medical Home designation ensures that we offer a full range of preventive, specialty and acute care services for the entire family.