Hennepin Healthcare is an integrated system of care that includes HCMC, a nationally recognized Level I Adult Trauma Center and Level I Pediatric Trauma Center and acute care hospital, as well as a clinic system with primary care clinics located in Minneapolis and across Hennepin County. The comprehensive healthcare system includes a 473-bed academic medical center, a large outpatient Clinic & Specialty Center, and a network of clinics in the North Loop, Whittier, and East Lake Street neighborhoods of Minneapolis, and in the suburban communities of Brooklyn Park, Golden Valley, Richfield, and St. Anthony Village. Hennepin Healthcare has a large psychiatric program, home care, and operates a research institute, philanthropic foundation, and Hennepin EMS. The system is operated by Hennepin Healthcare System, Inc., a subsidiary corporation of Hennepin County.

Equal Employment Opportunities: We believe equity is essential for optimal health outcomes and are committed to achieve optimal health for all by actively eliminating barriers due to racism, poverty, gender identity, and other determinants of health. We are committed to equitable care and working in an environment that celebrates, promotes, and protects diversity, equity, inclusion, and belonging. We are committed to bringing in individuals with new cultural perspectives to assist in creating a more equitable healthcare organization.

SUMMARY:

We are currently seeking an Information Security Engineer Senior to join our Information Security team.. This full-time role will work days. Primarily remote work but requires ability to report to campus last minute as needed.

Purpose of this position: The Information Security Engineer Senior is responsible for protecting the organization's digital information and computer network through the design, planning, implementation, and continued support of security measures to protect the organization's computer networks and systems. In addition to supporting the secure and compliant operations of the organization, the Information Security Senior Engineer will be expected to help identify, design, and implement new security controls based on needs and industry trends. A senior member of the Information Security team, this position requires a mindset aimed at safeguarding the organization's network assets, digital files, user accounts, PHI, and other sensitive information, as well as a continuous focus on improving the organization's security posture.

RESPONSIBILITIES

• Designs and implements Information Security controls and audits recommendations
• Leads the identification and remediation of risks, threats, and vulnerabilities
• Designs and conducts security and compliance assessments, including managing documentation and presentation of findings
• Identifies opportunities to operationalize and automate elements of IT security and security operations
• Leads efforts in the identification and remediation of risks, threats, and vulnerabilities
• Responsible for maturing the vulnerability management program
• Works independently to identify new vulnerabilities
• Leads and participates in security incident investigations, which may include assisting with malware containment and incident response
• Provides subject-matter expertise needed for the development and revision of existing and new IS&T security policies
• Partners with other IT teams and asset owners to mitigate vulnerabilities
• Stays abreast of the latest Information Security trends, threats, and vulnerabilities
• Provides direct end-user support for Tier 2 and 3 incidents
• Mentors and supports the development of members of the team
• Designs and implements Information Security controls and audits recommendations
• Leads the identification and remediation of risks, threats, and vulnerabilities
• Participates in external audits and assessments by collecting and providing requested evidence
• Actively participates in ongoing Risk Management efforts
• Represents Information Security at meetings, committees, and task forces
• Thinks outside the box and assists in creating multiple risk and compliance remediation options
• Responsible for the development, promotion, and maintenance of Information Security owned applications, such as a password vault, phishing simulator, authentication systems, 3rd-party risk management tools, etc.
• Leads and participates in IT projects as they relate to Information Security
• Maintains the Information Security Controls Catalog
• Leads / Facilitates 3rd party risk management assessments and ongoing vendor monitoring
• Participates in the Cyber Emergency Response Team
• Provides regular and off-hour on-call support as scheduled
• Other duties as assigned

QUALIFICATIONS:

Minimum Qualifications:

• 3-5 years working in technology/information security
• Bachelor's Degree

-OR-

• An approved equivalent combination of education and experience

Preferred Qualifications:

• Experience in HealthCare environments
• Experience with Biomedical devices and healthcare applications
• Red-Team / Penetration Testing experience
• Proficient in using Microsoft Office 365 tools
• Using APIs and developing information security tools
• Experience performing Azure/AWS Security Assessments

Knowledge/Skills/Abilities:

• Critical thinking and problem-solving skills
• Interpersonal skills and the ability to communicate with management, peers, and customers via reports, email, or verbal updates
• Experience evaluating information security risks
• Experience doing technical analysis of system vulnerabilities
• Excellent customer focus, including escalation handling and resolution
• Demonstrated ability to manage multiple priorities and deadlines
• Adaptable to changing priorities, tasks, and work schedules to meet customer service standards
• Effective written and verbal communication skills
• Experience leading projects
• Must be a self-starter, able to work under pressure, and be flexible in setting priorities
• Demonstrated ability to learn new technologies and systems quickly and provide instruction on complex processes
• Python and or PowerShell Scripting experience
• Mobile Device Security / MDM Solutions Management

License/Certifications:

• Certified CISSP or related security certification

-OR-

• Required to become certified with CISSP, or another security certification within 18 months of hire

You've made the right choice in considering Hennepin Healthcare for your employment. We offer a wealth of opportunities for individuals who want to make an impact in our patients' lives. We are dedicated to providing Equal Employment Opportunities to both current and prospective employees. We are driven to connect talented individuals with life-changing career opportunities, enabling you to provide exceptional care without exception. Thank you for considering Hennepin Healthcare as a future employer.

Please Note: Offers of employment from Hennepin Healthcare are conditional and contingent upon successful clearance of all background checks and pre-employment requirements.