This position will work with members of the Information Technology team with a focus on security governance and analytics, security audit, security incident remediation as well as risk assessments pertaining to company security controls for prospective customers.

Company Profile

Client is a growing medical device company that offers innovative implantable devices.

Primary Responsibilities:

• Complete security risk assessments from prospective health care providers for evaluation and onboarding of company products.
• Respond to and provide deliverables to management teams for external audits, such as SOX, ISO, SOC 2, penetration testing, phishing testing, and general controls audits.
• Documents audit findings, risks, recommendations, and manages resulting action plans.
• Works directly with departmental leaders to ensure end user compliance with IT and security standards.
• Manage security and event management software, including creating real-time alerts, reporting and dashboards primarily in MS365/Defender environment
• Responds to information security incidents and escalations
• Delivers and helps create information security training and policy
• Participate in project work; perform security specific project tasks; lead work streams.
• Lead and coordinate the activities of others within nature and scope of IT Security.

Required Qualifications:

• A bachelor’s degree or equivalent degree in a field of study related to the role.
• 5 years or more of experience in the security field
• Experience conducting and participating in security and risk auditing with SOC 2, ISO 27001 and HiTRUST audit work preferred
• Extensive experience working with MS 365 Security Center/Defender administration and controls
• Network, system or application design, MS Azure expertise, implementation, and monitoring experience
• Experience with MS365 Intune MDM device and policy management
• System administration with experience across multiple platforms and applications using PowerShell scripting
• Familiarity and use of assessment tools, risk management tools and methods
• SIEM experience, logging alerting, querying, dashboards, MS Sentinel
• Experience working with vendors, auditors, assessors, 3rd party partners, affiliate and subsidiary organizations.
• Strong communication and time management skills, ability to learn quickly

Preferred Qualifications:

• Prior participation in or responsibility for audits and assessments
• Healthcare/HIPAA experience; working with technology and software; strong business acumen
• Experience with security standards and cyber security frameworks, NIST, ISO
• Completed certifications & licenses or actively pursuing one or more industry related certifications – CISSP, CISM, CISA, CCFE, GIAC, CCIE, CCNA, CCSP, ABCP, MBCP