Security Engineer III

Exemption Status:
United States of America (Exempt)

$126,143 - $176,600 - $227,057

"Pay scale information is not necessarily reflective of actual compensation that may be earned, nor a promise of any specific pay for any selected candidate or employee, which is always dependent on actual experience, education, qualifications, and other factors. A full review of our comprehensive pay and benefits will be discussed at the offer stage with the selected candidate."

This position is not eligible for Sponsorship.

MedImpact Healthcare Systems, Inc. is looking for extraordinary people to join our team!

Why join MedImpact? Because our success is dependent on you; innovative professionals with top notch skills who thrive on opportunity, high performance, and teamwork. We look for individuals who want to work on a team that cares about making a difference in the value of healthcare.

At MedImpact, we deliver leading edge pharmaceutical and technology related solutions that dramatically improve the value of health care. We provide superior outcomes to those we serve through innovative products, systems, and services that provide transparency and promote choice in decision making. Our vision is to set the standard in providing solutions that optimize satisfaction, service, cost, and quality in the healthcare industry. We are the premier Pharmacy Benefits Management solution!

Job Description
Summary:

The Information Security Engineer III develops, executes, and monitors enterprise-wide information security from policy through implementation across all Security departments including SECOPS, DEVSECOPS, Threat Analytics, and corporate subsidiaries. This position expands the duties of the Security Engineer II to include direct security support for departments in corporate subsidiaries with identified areas of need which require experienced oversight. This position is required to ensure that business information is secure from unauthorized access, protected from inappropriate alteration, and is physically secure. This "hands-on" position serves as the process owner for all ongoing security activities and is responsible for the protection of the confidentiality and integrity of client, employee, and proprietary business information in accordance with federal/state laws and regulations. Enforcement of and adherence to MedImpact's corporate policies and procedures is required by all Security team members.

Essential Duties and Responsibilities

include the following. Other duties may be assigned.

Participates in daily activities and reporting required for regulatory and contractual information security obligations. Coordinates tasks that are performed within the infrastructure (system administration, network administration, application support, etc.) for security updates and initiatives. Performs analysis, design and development of security features to enhance system architecture.
Coordinates enterprise security risk assessments to identify areas of vulnerability. Oversees the design, execution and testing of dynamic/static vulnerability assessments, penetration tests and security audits. Performs regular security audits and determines remediation for negative audit results. Works with 3rd party applications and companies to provide security assessments.
Develops, implements, and supports enterprise-wide information technology security policies, procedures, applications, and systems. Documents and maintains the program to ensure compliance with Federal and State regulations as well as external guidance (HIPAA, SOX, HITECH, HITRUST, and PCI).
Formulate and evolve risk-based matrixes to align information security threat management processes and technologies with overall business strategy.
Reviews system-related security plans throughout the network. Assists in the establishment of a security strategy program to include determining appropriate policy to meet regulatory compliance, risk identification and mitigation, security architecture and necessary infrastructure of the enterprise.
Leads efforts to proactively maintain and improve the automation, reliability, consistency, and the quality of existing IT security tools and environments throughout the organization. Takes a leadership role in the design, deployment, integration and configuration of security solutions or enhancements to ensure functionality.
Identifies deficiencies and weaknesses in existing threat management solutions and assists in developing the organization's overall strategy for managing cyber threat intelligence.
Leverages indicators to implement cost-effective countermeasures which mitigate threats in a timely and risk-prioritized fashion without negative impact to normal business operations
Ensures the confidentiality, integrity, security and availability of data residing on or transmitted to, from, or through the enterprise workstations, servers, application systems, and data repositories.
Initiates, facilitates, and promotes activities to create information security awareness. Disseminates and educates users on security policies and practices. Participates in regular security awareness training and updates to ensure consistent compliance with IT Security Policies.
Works cross-functionally and interacts with internal and external business units and stakeholders to support the enterprise business needs. Using an automated customer case request system, tracks and documents security service requests and completed cases.
Leads security incident investigations and provides on-going communication to security management. Identifies root causes of security events and proposes solutions; closes out and documents investigations. Ensures confidentiality and appropriate personnel are involved in the investigation.
Maintains up-to-date industry knowledge through formal/informal training, industry associations and research of latest technologies critical to the success of the company's information security program. Continuously works to identify and improve security solutions to defend the company against data security threats.
Apprises and keeps management aware of security issues; handles and/or escalates issues appropriately.
Provides IT Security consultative support to internal and external clients.
Manages IT related projects and assignments as assigned.

Supervisory Responsibilities
No supervisory responsibilities.

Client Responsibilities
This is an internal and external client facing position that requires excellent customer service skills and interpersonal communication skills (listening/verbal/written). One must be able to; manage difficult or emotional client situations; Respond promptly to client needs; Solicit client feedback to improve service; Respond to requests for service and assistance from clients; Meet commitments to clients.

Qualifications
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education and/or Experience
B.S., Information Technology, Computer Science or related (or equivalent combination of education and experience) along with at least 10 years' related IT Security experience. M.S. degree preferred. Must have hands on hardware and software trouble shooting experience.

Computer Skills /Tools

- To perform this job successfully, an individual should have knowledge of Microsoft Office Suite.

Additional expertise is required in the following:
Endpoint Management Experience (BigFix, WSUS/SCCM, Symantec, Trend Micro, etc)
Identity and Access Management
Certificate Management
Patch Management (Windows and Unix)
Intrusion Detection and Prevention
Security Awareness Training
Mobile Device Management
EDR (Endpoint detection and response)
Web Content Filtering
Device Encryption
Vulnerability Assessment Tools
Firewall and VPN
Secure E-mail, Anti-SPAM
Webserver applications
Web API Service Security
Business Continuity (Disaster Recovery)
Compliance and Audit (HIPPA, HITRUST, SOX, and PCI a plus)
OS Administration (Windows and Unix)
Authentication and SSO
Container Security

Certificates, Licenses, Registrations
Security Certification strongly preferred
OWASP, ISSA, ISACA membership a plus

Other Skills and Abilities
Must have excellent analytical, problem solving and communication skills. Familiarity with SSAE, HITRUST, federal/state, HIPAA, PCI and regulatory requirements for information security. Must be able to work on a team and build good working relationships with team members and internal clients.
Must have good understanding of standard policies and procedures for information security.

Reasoning Ability
Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists. Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form.

Mathematical Skills
Ability to work with mathematical concepts such as statistics, probability and performance analysis. Experience with business metrics and intelligence a plus.

Language Skills
Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations. Ability to write reports, business correspondence, and procedure manuals. Ability to effectively present information and respond to questions from groups of managers, clients, and customers.

Competencies
To perform the job successfully, an individual should demonstrate the following competencies:

Analytical - Synthesizes complex or diverse information; Collects and researches data; Uses intuition and experience to complement data; Designs workflows and procedures.
Project Management - Develops project plans; Coordinates projects; Communicates changes and progress; Completes projects on time and budget; Manages project activities.
Business Acumen - Understands business implications of decisions; Displays orientation to profitability; Demonstrates knowledge of market and competition; Aligns work with strategic goals.
Customer Service - Manages difficult or emotional customer situations; Responds promptly to customer needs; Solicits customer feedback to improve service; Responds to requests for service and assistance; Meets commitments.
Dependability - Follows instructions, responds to management direction; Takes responsibility for own actions; Keeps commitments; Commits to long hours of work when necessary to reach goals. Completes tasks on time or notifies appropriate person with an alternate plan.
Ethics - Treats people with respect; Keeps commitments; inspires the trust of others; Works with integrity and ethically; Upholds organizational values.
Interpersonal Skills - Focuses on solving conflict, not blaming; Maintains confidentiality; Listens to others without interrupting; Keeps emotions under control; Remains open to others' ideas and tries new things.
Judgment - Displays willingness to make decisions; Exhibits sound and accurate judgment; Supports and explains reasoning for decisions; Includes appropriate people in decision- making process; Makes timely decisions.
Problem Solving - Identifies and resolves problems in a timely manner; Gathers and analyzes information skillfully; Develops alternative solutions; Works well in group problem solving situations; Uses reason even when dealing with emotional topics.
Teamwork - Balances team and individual responsibilities; Exhibits objectivity and openness to others' views; Gives and welcomes feedback; Contributes to building a positive team spirit; Puts success of team above own interests; Able to build morale and group commitments to goals and objectives; Supports everyone's efforts to succeed.

Physical Demands
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this Job, the employee is regularly required to sit; use hands to finger, handle, or feel and talk or hear. The employee is occasionally required to stand; walk; reach with hands and arms and stoop, kneel, crouch, or crawl. The employee may occasionally lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception and ability to adjust focus.

Work Environment
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this Job, the employee is occasionally exposed to risk of electrical shock. The noise level in the work environment is usually quiet to moderate.

Work Location
This position must work on-site at the San Diego Headquarters for purposes of providing adequate support to internal clients; being available for face-to-face interactions and coordination of work with other employees, colleagues, clients, or vendors; as well as for facilitation of quick and effective decisions through collaboration with stakeholders. Remote work is not an option for these purposes.

Working Hours
This is an exempt level position requiring one to work the hours needed to get the job done. Therefore one must have the flexibility to work beyond traditional hours and be able to work nights, weekends or on holidays as required. This may be changed from time to time to meet the needs of the business. Typical core business hours are Monday through Friday from 8:00am to 5:00pm.

Travel

- This position may require occasional domestic travel and attendance at various local conferences and meetings.

The Perks:
Medical / Dental / Vision / Wellness Programs
Paid Time Off / Company Paid Holidays
Incentive Compensation
401K with Company match
Life and Disability Insurance
Tuition Reimbursement
Employee Referral Bonus

To explore all that MedImpact has to offer, and the greatness you can bring to our teams, please submit your resume to www.medimpact.com/careers

MedImpact, is a privately-held pharmacy benefit manager (PBM) headquartered in San Diego,
California. Our solutions and services positively influence healthcare outcomes and expenditures, improving the position of our clients in the market. MedImpact offers high-value solutions to payers, providers and consumers of healthcare in the U.S. and foreign markets.

Equal Opportunity Employer, Male/Female/Disabilities/Veterans
OSHA/ADA:

To perform this job successfully, the successful candidate must be able to perform each essential duty satisfactorily. The requirements listed are representative of the knowledge, skill, and/or ability required.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Disclaimer:

The above
statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.
#J-18808-Ljbffr