Information Security Engineer

Location: Washington, DC
Date Posted: 09-05-2018
POSITION SUMMARY:
Under limited supervision by the Director of Technology and the Chief Information Security Officer, the Information Security Engineer will be responsible for the cyberdefense function of HUH. He or she will contribute to the selection, deployment, and operation of cyberdefense technologies, including firewalls, monitoring tools, malware detection, and log analysis tools across HUH. He or she will be an expert in the adoption of cybersecurity frameworks (e.g., NIST, HITRUST, FISMA, and ISO) and regulations specific to healthcare (e.g., HIPAA and HITECH). He or she will contribute to enterprise policies related to data use, network access, and appropriate use of computer equipment.
 
REPORTING SUMMARY
No direct reports
 
NATURE AND SCOPE
Internal contacts may include senior administrators, faculty, physicians, nurses, other clinicians, and staff. External contacts may include partners, regulators, vendors, and contractors.
 
PRINCIPAL ACCOUNTABILITIES:
Conduct cyber security audits, penetration tests, and investigations of cybersecurity incidents.
 
Responsible for coordinating cyber threat mitigation activities, security breach detection, containment, and restoration activities and contribute to HUH’s disaster response plan.
 
Develop and disseminate information security awareness training materials and develop and deliver class- room training for employees.
 
Provide front-line response to detection systems and alarms
 
Investigate malware, targeted attacks, intrusion attempts, and vulnerabilities
 
Drive continuous improvement of response capabilities through automation and critical thinking
 
Participate in the development, documentation, implementation and evaluation in security policies, guidance and procedures
 
Assumes other duties and responsibilities that are related and appropriate to the position and area. The above responsibilities are a general description of the level and nature of the work assigned to this classification and are not to be considered as all-inclusive.
 
ORGANIZATIONAL EXPECTATIONS:
Promotes adherence to the Health Sciences Compliance Program, the Howard University Code of Ethics and the Health Sciences Standards of Conduct.
 
Attends annual and periodic mandatory Compliance Program training including the Health Insurance Portability and Accountability Act (HIPAA) Privacy training.
 
Participates in activities that promote adherence to federal healthcare program requirements. Actively participates in Health Sciences Compliance Program activities.

Adheres to the requirements of the HIPAA Privacy Policies and Procedures. Maintains confidentiality of patients, families, and staff.
 
CARES CRITERIA:
Must demonstrate collaboration; accountability; respect; excellence; and service.
 
Works with team members and peers in and outside of their immediate work group to create an exceptional experience for patients, students and other visitors; looks for ways to achieve departmental/institutional results by partnering.
 
Accepts responsibility for his/her actions to provide health care and or ancillary functions in a highly efficient and compassionate manner. The employee must function as a Steward (Have Ownership) of the Howard values that foster a commitment to improving the patient and student experience, organizational efficiency and the environment.
 
Embraces diversity; cares holistically for those we serve; treats all as we would like to be treated; manages the patient’s right to privacy with meticulous care 100% of the time and keeps patient and proprietary information about the institution confidential.
 
Anticipates the patient’s and student’s needs, presents as a model representative of the institution and maintains high standards of care while striving to improve performance and create exceptional experiences for our customers.
 
Behaves in a friendly, resourceful and professional manner towards all they encounter; treats patients, students and visitors in the same way that they would want their family members or themselves to be treated.
 
CORE COMPETENCIES
Knowledge of various enterprise software technologies used in an acute care hospital Critical and analytical thinking skills
Excellent collaborating and negotiation skills
 
Must have excellent written and verbal skills. Must be comfortable making formal presentations to senior management and executive level clients.
 
Proficiency in the operation of computers, related software applications (word-processing, spreadsheets, databases, graphic presentations, as well as other standard office equipment information systems, etc.) and standard office equipment.
 
Familiarity with project planning methodology and willingness to work in a team environment to complete projects in a timely fashion.
 
Must work independently on broad assignments and be capable of making decisions both involving projects as well as ongoing troubleshooting.
 
Ability to exercise discretion and ensure a high level of confidentiality.
 
Strong interpersonal skills and emotional intelligence.
 
Ability to work independently or as part of a team with a “roll up your sleeves” attitude. Competence in both oral and written English.

Ability to establish and maintain effective and harmonious work relationships with staff, physicians, Hospital and University officials, and the general public.
 
MINIMUM REQUIREMENTS
B.S. in Computer Engineering, Computer Science, or other similar area. At least two (2) years of experience in managing information security for a complex organization.
 
Knowledge of healthcare security and privacy regulations (HIPAA/HITECH).
 
Advanced knowledge of at least one information security framework (e.g., NIST, HITRUST, FISMA, ISO).
 
Certified Information Security System Professional (CISSP) certification and Healthcare experience are major pluses.
 
Must be able to stand, walk, sit, lift (12-25lbs), bend, write, type, file, speak, hear, see, calculate, compare, edit, evaluate, interpret and organize for extended periods of time.
 
this job portal is powered by CATS