Information Security And Infrastructure Engineer
People. Passion. Purpose.
At P3 Health Partners, our promise is to guide our communities to better health, unburden clinicians, align incentives and engage patients.
We are a physician-led organization relentless in our mission to overcome all obstacles by positively disrupting the business of health care, transforming it from sickness care into wellness guidance.
We are looking for an Information Security and Infrastructure Engineer. If you are passionate about your work; eager to have fun; and motivated to be part of a fast-growing organization in Las Vegas, Nevada, then you should consider joining our team.
Information Security and Infrastructure Engineer is a security focused member of Information Services (IS) and a core member of our compliance and audit team and holds the role of Information Security Officer. Formulate and define information security scope and objectives based on both users’ needs and a good understanding of healthcare and regulatory requirements. Responsible for leading actions needed for any security risks, breaches, intrusions, and system abuse. Responsible for the design and implementation of security related infrastructure and applications. Conducts or is a liaison to third-party security reviews and audits and oversees any subsequent remediation projects generated from the reviews or audits. This position executes and maintains compliance with various business certifications and audits, e.g. HITRUST, HIPAA, SOC2, PCI, etc.
Education & Experience:
Bachelor's degree in information systems related field, information technology with a security or networking focus, or equivalent work experience
Minimum 2 year of experience in the areas of IT audits, Sarbanes-Oxley (SOX), SAS 70/SOC, IT Financial Audit Support or PCI or HITRUST Compliance
Experience designing and implementing infrastructure and applications
Strong verbal and written communication skills are required
Auditing network operating systems, network architecture and configuration standards as well as application controls
Experience with audit planning, execution, and in-charge responsibilities
Experience with performing technical IT audits or audits of IT controls that support financial or business operations
- Healthcare industry experience preferred
Essential Job Duties & Responsibilities:
Conducts and participates in security reviews, evaluations, and risk assessments, assisting in the development and implementation of appropriate recommendations.
Analyzes the organizations information security architecture, including hardware and software components, with the objective of standardizing security throughout the infrastructure.
Responsible for development and execution of security policies and procedures.
Engineers and constructs security infrastructure, including Security Information and Event Management (SEIM) system.
Responsible for vulnerability and penetration testing
Performing audit execution work and oversee the technical work of other personnel.
Provides technical expertise and support for security software, including operational aspects of the software.
Provides guidance, direction, and oversight for compliance with all federal, state, and local mandated information security laws, rules, and guidelines. Remain current with the latest industry technical information.
Performing research on technology products/trends and professional standards as it relates to IT controls and the IT Assurance profession.
Leads information security projects, including the development of project scope requirements, budgeting, and project planning.
Leads and coordinates security incidents, recoveries, breaches, intrusions and system abuses.
Holds the role and responsibilities of Information Security Officer (ISO)
Core team member that is responsible for executing and maintaining compliance of all business certifications and audits, including HITRUST, HIPAA, SOC2, etc.
Business Continuity and Disaster Recovery (BCDRP) planning, testing and execution.
Knowledge, Skills, & Abilities:
- High-energy team player with a positive attitude under pressure
- Ability to effectively express (through writing or spoken word) ideas and information to internal and external stakeholders using language that is appropriate to both the complexity of the topic and the knowledge and understanding of the audience
- Drafting reports and executive summaries on IT control issues for senior management personnel
- Ability to build strong relationships, gaining credibility and partnering with clients, internal customers, business leaders and peers
- Strong process and process-improvement orientation
- Knowledge of desktop computers, mobile devices, servers and associated operating systems
- Knowledge of networking equipment such as firewalls and routers
- Knowledge of security technologies and utilities including encryption, anti-virus, intrusion prevention, file-integrity monitoring, and logging