Senior Information Security Engineer

Yale Campus - Hospital, United States


Full Time

Job Summary: The Senior Information Security Engineer will lead the design, implementation, and management of the information security systems of Saint Francis Health System (SFHS), ensuring the protection of digital assets against cyber threats. This role will develop security policies, conduct regular security assessments, and lead efforts to respond to and mitigate security incidents.

Minimum Education: Bachelor's degree in Computer Science, MIS, Cyber Security or related discipline. Five years of enterprise-level experience in lieu of a Bachelor's degree may be considered.

Licensure, Registration and/or Certification: Certified Information Systems Security Professional (CISSP), Certified Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA), preferred.


Work Experience: Minimum 5 years of related experience. Experience within a healthcare environment, preferred.

Knowledge, Skills, and Abilities: In-depth knowledge of cybersecurity principles and practices. Knowledge of HIPAA, PCI, SOX, ISO, and NIST cybersecurity frameworks. Knowledge of intrusion detection and prevention systems, penetration testing, and vulnerability assessment. Knowledge of data loss prevention, anti-virus, and anti-malware software tools. Understanding of computer networking, TCP/IP, routing, switching, network protocols, and packet analysis tools. Excellent written, oral, and interpersonal communication skills. Analytical ability to solve both business and technical problems with strong attention to detail. Ability to work independently and collaboratively in a fast-paced environment, managing multiple priorities with competing deadlines.

Essential Functions and Responsibilities: Serves as an advisor and provides information security risk insights and guidance to leadership. Leads the planning, implementation, management, monitoring, and upgrade of solutions to defend against cyberattacks, hacking attempts, and threats. Defines, implements, and enforces information security policies, strategies, and procedures that align with healthcare laws and regulations such as HIPAA. Conducts and supports targeted risk assessments by determining risk points and processes; reviews assessment results for vulnerabilities, gaps, and control deficiencies, and works with stakeholders to establish plans for sustainable resolutions. Develops and manages the frameworks, processes, tools, and consultancy necessary for IT to properly manage risk and to make risk-based decisions. Schedules and maintains security operations management of operating systems, security applications, and network infrastructure components. Advises on secure architecture across infrastructure, applications, and operational technology, establishing configuration standards for critical network components. Evaluates existing cloud-based security architectures, systems, and frameworks to identify weaknesses and areas for improvement, ensuring that business and clinical software includes adequate security controls. Implements enhancements to security architectures to improve resilience and mitigate emerging threats. Collaborates with the network team to ensure secure configuration and management of firewalls and security groups to prevent unauthorized access and monitor traffic. Maintains an effective information security awareness program and educates internal teams on best practices. Establishes and maintains metrics based on the information security framework established by SFHS. Provides guidance and mentorship to junior information security team members.

Decision Making: The carrying out of non-routine procedures under constantly changing conditions, in conformance with general instructions from a supervisor.

Working Relationships: Leads others in the same work performed (does not supervise). Works directly with patients and/or customers. Works with internal and/or external customers via telephone or face-to-face interaction. Works frequently with individuals at Director level and above.

Special Job Dimensions: None.

Supplemental Information: This document generally describes the essential functions of the job and the physical demands required to perform the job. This compilation of essential functions and physical demands is not all-inclusive, nor does it prohibit the assignment of additional duties.

Information Technology - Information Security - Yale Campus

Location:

Tulsa, Oklahoma 74136

EOE Protected Veterans/Disability



Tags: CISA CISSP Cloud Computer Science CRISC Firewalls Intrusion detection Malware Monitoring NIST Pentesting Risk assessment Security assessment SOX TCP/IP Vulnerabilities

Regions: North America South America
Country: United States
