IT Security Assessor
Location: Boca Raton, Florida US
Job Number: 1235
Position Title: IT Security Assessor
The IT Security Assessor will play a key role in assessing and enhancing the organization's regulatory compliance and cyber security. You will be responsible for coordinating and managing compliance assessments and their activities, developing remediation strategies, and assessing mitigated controls. This includes preparing reports and presentations for executives and other stakeholders.
Essential Job Functions:
- Develop test procedures and/or document recommendations for test plan modifications that improve validation of control objectives. Test procedure development may cover a wide range of technically diverse topics ranging from IP Network Discovery, password length and complexity requirements, vulnerability management, and many others.
- Perform multi-platform (cloud, application, database, operating system, middleware, monitoring tools, and business processes) level audits based on predefined test objectives and test plans. Perform retest of controls that have been remediated or updated as a result of previously identified deficiencies. Obtain, review, and interpret evidence provided to validate controls are performed effectively.
- Prepare, plan, conduct, and report on results of IT compliance.
- Obtain, review, and interpret organizational IT policies, standards, and procedures to identify control points that would assist in mitigating risk to the business.
- Review test results or interpret evidence to address vulnerabilities, gaps, or control deficiencies; work with stakeholders to establish plans for sustainable resolution.
- Identify risks associated with control failures and support the identification of mitigating controls.
- Perform other tasks as necessary to ensure that the compliance meets its commitments to stakeholders.
- May provide consultative direction to less experienced stakeholders.
- Support the Director of IT Security, as needed.
- Advanced knowledge of cyber/information security management policies and procedures, HIPAA/HITECH regulations and governance processes, information systems and network security.
- Advanced knowledge of risk management techniques, technological trends and developments in cyber/information security, systems/software development, engineering, integration, testing and evaluation and operating systems.
- Advanced working knowledge of applicable and accepted security standards and frameworks (NIST, CSF, etc.).
- Advanced knowledge and understanding of regulatory and compliance requirements such as HIPAA, HITECH, PCI, etc.
- Advanced knowledge and skill sets to develop sustaining cybersecurity solutions (tools, process, controls, etc.) to reduce risk across the entire landscape of the company.
- Working knowledge of Office 365, athenahealth EHR, NextGen, networked medical devices and other software and technologies supporting telehealth and clinical settings.
Bachelor's Degree in Computer Science, Healthcare Information Technology, or relevant field or equivalent knowledge and skills obtained through a combination of education, training and experience required.
Experience / Training:
- Minimum of five (5) years of experience in IT, information security, cyber risk management, compliance or a related field required; of which at least 3 years' experience in information security is required.
- Healthcare experience preferred.
One or more relevant information security-related certifications preferred. Examples include: CISSP, CISA, HCISPP, CCSP, CRISC, CISM, GCIH, GCFA, GNFA, GPEN, GSEC, QSA and CEH.
Unified Women’s Healthcare is a company dedicated to caring for Ob-Gyn providers who care for others, be they physicians or their support staff. A team of like-minded professionals with significant business and healthcare experience, we operate with a singular mindset - great care needs great care. We take great pride in not just speaking about this, but executing on it.
As a company, our mission is to be an indispensable source of business knowledge, innovation and support to the practices in our network. We are advocates for our Ob-Gyn medical affiliates – enabling them to focus solely on the practice of medicine while we focus on the business of medicine.
We are action oriented. We strategize, implement and execute – on behalf of the practices we serve.
EEO Employer Verbiage:
We offer a competitive salary and an excellent benefit package that includes health/dental/life/STD/LTD/vision insurance, paid time off, and 401(k) plan. This company is a drug-free workplace and an Equal Employment Opportunity employer.