Completes tasks designed to ensure security of the organization's systems and information assets. Protects against unauthorized access, modification, or destruction and develops IT security policies and standards. Works with end users to determine needs of individual departments. Understands internet architecture and firewall configuration to protect system security. May need to authorize user access and familiar with domain structures and digital signatures. Contributes to moderately complex aspects of a project. Work is generally independent and collaborative in nature.
Essential Duties and Responsibilities:
Continually assess the ability of the company’s systems and functionality to protect PHI, PII, IP, and Cardholder data according to applicable global regulatory and compliance standards
Ensure the sufficiency and appropriateness of security procedures, policies and safeguards as required by HIPAA, PCI-DSS, FDA, and GDPR.
Educate and train company personnel concerning the purpose and importance of security policies and procedures
Assess the risk of various security vulnerabilities and environmental factors
Conduct information security audits to verify the sufficiency and effectiveness of the company’s safeguards, standards, policies and procedures
Coordinate response to security incidents and ensure timely corrective and preventative actions
Develop procedures to monitor and manage security related complaints and incidents
Maintain all security related documentation and records
Recommend changes to information systems to improve the efficiency and effectiveness of security policies, procedures and safeguards.
Research security emerging technologies for applicability
Develop and maintain a Medical Device Security program
Education and Experience:
Minimum of seven years of experience in information security required. Bachelors Degree required. Degree in Computer Science or related field preferred. Certified Information System Security Professional (CISSP) preferred.
Knowledge and Skill Requirements/Specialized Courses and/or Training:
In-depth knowledge of Microsoft Windows networking and design, security, Local and Wide Area network design. Experience with servers, virtualization and storage systems.
2535 Washington Road, Suite 1110 Pittsburgh, PA, 15241Contact