Information Security Engineer at GoHealth Urgent Care
- Remote, United States | IT (Information Technology)
Safeguard GoHealth’s computer networks, systems, users and data by building and promoting the enterprise-wide IT Governance, Risk, Security, Privacy and Compliance Programs. The objectives of these programs are to identify potential risks, consult on possible solutions, and assist in determining the best balance of risk, cost, and business benefit to adequately protect critical company assets.
Plan and carry out security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks. Work as part of the larger IT team and be responsible for educating the workforce on information security through training and building awareness.
Install and use software, such as data encryption programs, to protect organizations’ sensitive information. Also assist computer users with installation or processing of new security products and procedures.
Conduct periodic scans of networks to find vulnerabilities. Also conduct penetration testing through simulated attacks on the system to highlight or find any weaknesses that might be exploited by a malicious party.
Constantly monitor the organization’s networks and systems for security breaches or intrusions. Install software that helps to identify intrusions and watch out for irregular system behavior.
- High School Diploma or GED required
- Bachelor’s degree in information systems/information security, or equivalent work experience in Information Security or a closely related field involving security standards and regulations (such as HIPAA, PCI-DSS 3.2, ISO 27001, HITRUST and NIST), with a solid understanding of network security protocols and methodologies, required
- Healthcare experience required
- 3+ yrs of Systems Engineering or Network Engineering required
- 2+ yrs of Info Security or similar responsibilities required
- Security+ or SSCP
Additional Knowledge, Skills and Abilities Required
- Direct experience with anti-virus software, intrusion detection, network security, firewalls and content filtering
- Knowledge of risk assessment tools, technologies and methods (for example, SIEM solutions). Must understand architecture, implementation, deployment and support of these tools.
- Experience designing, maintaining and supporting secure systems and application architecture revolving around personal health information and payment processing transactions.
- Knowledge of disaster recovery, computer forensic tools, technologies and methods
- Compliance experience in implementing IT security controls for NIST 800-53r4, HIPAA, ISO 27001/27002/27018, PCI-DSS, and/or SOX programs.
Additional Knowledge, Skills, and Abilities Preferred
- Ability to read and use the results of email transport protocols, malicious code, and anti-virus software
- Strong understanding of endpoint and network security solutions including vulnerability scanning, file integrity monitoring and data loss prevention
- Azure/Cloud experience and knowledge
- Experience implementing and administering security features and tools within Office 365 environment
- Other Security certifications a plus, including HCISPP, CISSP, CISM, CISA or related/comparable credentials.
- Experience using OneTrust Privacy Software a plus.
- Plan, design, enforce and audit security policies and procedures which safeguard the integrity of and access to enterprise systems, files, and data elements.
- Protect systems by defining access privileges, control structures, and resources.
- Recognize and identify potential areas where existing data security policies and procedures require change, or where ones need to be developed or improved, especially regarding future business expansion.
- Recognizes problems by identifying anomalies; reporting and investigating risks, concerns, or violations.
- Implements security improvements by assessing the current situation; evaluating trends; anticipating requirements.
- Creates, participates, and executes on strategic plans to continually improve and optimize information security across the GoHealth Urgent Care enterprise structure
- Determines security violations and inefficiencies by conducting periodic audits.
- Upgrades system by implementing and maintaining security controls.
- Keeps users informed by preparing performance reports; communicating system status.
- Maintains quality service by following organization standards.
- Maintains technical knowledge by attending educational workshops; reviewing publications.
- Contributes to team effort by accomplishing related results as needed.
- Ability to relate business requirements and risks to policy and technology implementations to key business stakeholders.
- Conduct Phishing evaluations and Security Awareness training for end users.
- Works in cross-functional teams to implement security measures and times both face-to-face and via written communication.
- Writing and maintaining information security policies and procedures.