INFORMATION SECURITY ENGINEER - 3907

Montefiore Information Technology in Yonkers, NY

  • Industry: Information Technology - Information Security Specialist/Forensics
  • Type: Full Time
  • $140,345.00 - 187,860.00
Montefiore, the University Hospital for Albert Einstein College of Medicine, is one of healthcare's most wired hospitals, widely recognized by the Hospitals & Health Networks' 15th annual Most Wired Survey for our adoption of technology to support clinical care and patient safety and privacy, infrastructure, business and administrative management, and the continuum of care. Our experts deploy new technologies, define new business processes and provide stakeholders across the institution with the resources needed to meet their most difficult challenges. As a Montefiore IT employee, you'll have ample opportunities to transform patient care, improve health outcomes and gain insight into the technical workings of one of the nation's top academic medical centers.

We are hiring an Information Security Engineer who will be a senior member of the information security team and works closely with the other members of the team to develop and implement a comprehensive information security program. This includes defining security policies, processes and standards. The security engineer works with the IT department to select and deploy technical controls to meet specific security requirements and defines processes and standards to ensure that security configurations are maintained.

JOB RESPONSIBILITIES

  • The information security manager works with business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments. Components of this activity include but are not limited to:
      • Business system analysis.
      • Communication, facilitation and consensus building.
  • Assists in the coordination and completion of information security operations documentation.
  • Works with information security leadership to develop strategies and plans to enforce security requirements and address identified risks.
  • Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
  • Plays an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned.
  • Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
  • Works with IT departments and members of the information security team to identify, select and implement technical controls.
  • Develops security processes and procedures, and supports service-level agreements (SLAs) to ensure that security controls are managed and maintained.
  • Advises security analysts on normal and exception-based processing of security authorization requests.
  • Research, evaluate and recommend information-security-related hardware and software, including developing business cases for security investments.
  • Develops a common set of security tools. Defines operational parameters for their use, and conducts reviews of tool output.
  • Performs control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommends remedial action.
  • Defines testing criteria for systems and applications.
  • Is the primary individual responsible for the execution of risk assessment activities, analyzing the results of audits (performed by other groups) to produce recommendations of acceptable risk and risk mitigation strategy.
  • Works with junior staff on deploying, tuning and running vulnerability-scanning and penetration-testing tools.

Definition of Controls

  • Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
  • Develops and validates baseline security configurations for operating systems, applications, and networking and telecommunications equipment.

Incident Detection and Response

  • Provides second- and third-level support and analysis during and after a security incident.
  • Assists security administrators and IT staff in the resolution of reported security incidents.
  • Participates in security investigations and compliance reviews, as requested by internal or external auditors.
  • Acts as a liaison between incident response leads and subject matter experts.
  • Monitors daily or weekly reports and security logs for unusual events.

Audit Support

  • Manage relationships with the audit group.
  • Receives audit findings, and manages the collection of responses and remediation plans with owners.
  • Works within the information security governance process to define control recommendations that are both efficient and effective.
  • Provides oversight and management of audit finding remediation, including generating requirements for full remediation, providing feedback and suggestions on managerial responses to findings, and tracking progress and providing status and updates to the enterprise compliance team for reporting purposes.
  • Supports e-discovery processes to include identification, collection, preservation and processing of relevant data.
  • Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security.
  • Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes.

Information Security Architecture

  • Assists in the development of security architecture and security policies, principles and standards.
  • Participates in the enterprise architecture (EA) community, and provides strategic guidance during the EA process.
  • Research, evaluate, design, test, recommend and plan the implementation of new or updated information security technologies.
  • Research and assess new threats and security alerts, and recommend remedial actions.
  • Provides guidance for security activities in the system development life cycle (SDLC) and application development efforts.
  • Participates in organizational projects, as required.

JOB REQUIREMENTS

Technical Competency

  • In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
  • Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
  • Experience with common information security management frameworks, such as the International Organization for Standardization (ISO) 2700x and the ITIL, COBIT and National Institute of Standards and Technology (NIST) frameworks.
  • Knowledge of the fundamentals of project management, and experience with creating and managing project plans, including budgeting and resource allocation.
  • In-depth knowledge of risk assessment methods and technologies.
  • Proficiency in performing risk, business impact, control and vulnerability assessments.
  • Strong understanding of business applications, including ERP and financial systems.
  • Excellent technical knowledge of mainstream operating systems, for example, Microsoft Windows and Oracle Solaris and a wide range of security technologies, such as network security appliances, identity, and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
  • Experience in developing, documenting and maintaining security policies, processes, procedures and standards.
  • Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
  • Audit, compliance or governance experience is preferred.

Soft Skills

  • Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
  • Ability to interact with Montefiore's personnel at all levels and across all business units and organizations, and to comprehend business imperatives.
  • Strong leadership abilities, with the capability to develop an information security team and guide team members and to work with only minimal supervision.

EDUCATION

  • Minimum of seven years' IT or network security experience.
  • Bachelor's degree in information systems or equivalent work experience.
  • Certification from ISC2, ISACA, SANS or equivalent.

  • Department: Montefiore Information Technology
  • Bargaining Unit: Non Union
  • Campus: YONKERS
  • Employment Status: Regular Full-Time
  • Address: 4 Executive Blvd, Yonkers
  • Shift: Day
  • Scheduled Hours: 8:30 AM-5 PM
  • Req ID: 102796

Montefiore is an equal employment opportunity employer. Montefiore will recruit, hire, train, transfer, promote, layoff and discharge associates in all job classifications without regard to their race, color, religion, creed, national origin, alienage or citizenship status, age, gender, actual or presumed disability, history of disability, sexual orientation, gender identity, gender expression, genetic predisposition or carrier status, pregnancy, military status, marital status, or partnership status, or any other characteristic protected by law.

Provided by Dice