Salary: $70,000 - $75,000
Supervisor: IT Security Manager
Purpose: The Information Security Specialist will provide support to day to day operations for the MPHI security tools environment. This position functions under the supervision/direction of the IT Security Manager.
Duties and Responsibilities:
- Align current business processes with client requirements and external security standards/obligations such as HIPAA, NIST, SOC2, etc.
- Identifying and remedying security deficiencies and gaps with business suitable controls.
- Works across security, IT and business teams in the creation of policies, procedures, or guidelines to ensure the security and privacy of information and computer systems.
- Review Statements of Work, Master Service Agreements, and other contracts for security obligations and identify areas of exposure.
- Configure and administrator the components of MPHIs Anti-Virus and Anti-Malware system.
- Monitor and coordinate response to all security events as detected by MPHI proactive security monitoring tools or as reported by the MPHI Service Desk.
- Monitor and manage the systems performing Intrusion Detection.
- Coordinate the scanning of MPHIs internal network environment on a quarterly basis and coordinating the appropriate third parties who are performing the scan.
- Serve as a liaison between operations and other teams to maximize the adoption of and support for security plans and procedures within the organization.
- Serve as primary liaison between operations and software development efforts to ensure secure coding practices are followed in accordance with OWASP, risks are mitigated, and security policies are collaboratively created and followed.
- Coordinating an annual penetration test with approved third parties.
- Monitor and manage the system providing VPN functionality for MPHI.
- Monitor and manage the f 5 ASM environment for MPHI.
- Monitor and manage Azure and O365 security for MPHI.
- Maintain a positive and credible, professional relationship with all parties relevant to MPHI projects, while representing the best interests of MPHI at all times.
- Will provide backup for the IT Security Manager.
- Other duties as assigned.
- Appropriate business, technical, and domain knowledge.
- Knowledge of PowerShell, Python or other scripting languages preferred.
- Interpersonal skills, e.g., the ability to work across functional lines and at many levels, and to effectively negotiate and facilitate solutions in a team environment.
- Effective oral and written communication skills (a writing sample may be requested).
- Proficiency in Microsoft OfficeExcel, PowerPoint, Outlook, Word, and Visio (tests in one or more products may be administered).
- Exposure to Microsoft SharePoint (desirable) or the demonstrated ability to learn quickly.
Education: Bachelor's degree in computer science, engineering or a related discipline, or the equivalent combination of education, technical training or work/military experience. Prefer candidates with one or more security certifications and software development experience.
Experience: 3+ years of Information Security/Risk Management experience required. Intermediate to advanced knowledge and work experience in Risk Management or related fields such as Audit, IT Security, or Business Continuity, however other IT disciplines. Experience in secure software development, information technology, systems design, and/or systems integrations. Preference given to candidates with experience in Cisco-based firewall, IPS and network security technologies, Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements. Strong working knowledge of Azure and O365 platform preferred.
Important Skills and Characteristics:
Work Environment and Physical Requirements: MPHI is a standard office environment. May require viewing a CRT or VDT screen 25% to 75% of the time. May require a valid vehicle operators license. May require moderate physical effort, including lifting materials and equipment up to 50 pounds. May require communication after hours or on weekends in response to physical security alarms/issues/etc.
Responsibility for the Work of Others: No assigned responsibilities.
Impact on Projects, Services, and Operations: Competent performance in this position has a substantial impact on the integrity and professional reputation of MPHI, including meeting the needs of MPHI clients in a timely manner, maintaining professional relationships, and enhancing the potential for future contracts with clients.