RESPONSIBILITIES I. JOB SUMMARY/RESPONSIBILITIES: • Supports and maintains The Queen’s Health Systems’ (QHS) information security program. • Actively promotes awareness and training of QHS Security Policies and related security topics. • Key responsibilities include but is not limited to the following: o Management and support of QHS’ information security technical controls, programs and policies. o Support QHS initiatives and projects by providing information security-related consultation and technical assistance. o Leads or assists in the design, planning, and implementation of security measures to ensure safety and security of all information systems assets and to enhance the security posture of the organization. o Serves as a subject matter expert in support of security risk management and the IT Risk Management Program. • Works closely with leadership, including the privacy, risk and compliance functions, to ensure compliance with regulatory requirements. II. TYPICAL PHYSICAL DEMANDS: All essential, designated by frequency. • Continuous: seeing, speaking, repetitive arm/hand motions, sitting, static gripping of an object for prolonged periods. • Frequent: standing, sitting, walking, finger dexterity, hearing. • Occasional: stooping/bending, carrying usual weight of 12 pounds, reaching above shoulder level. • Operates computer equipment and copy machines. III. TYPICAL WORKING CONDITIONS: • Not substantially subjected to adverse environmental conditions. • Work schedule includes providing 24 hours/7 days a week support as required. IV. MINIMUM QUALIFICATIONS: EDUCATION/CERTIFICATION AND LICENSURE: • Bachelor’s degree in Information Technology (IT) or related field; or four (4) years experience in information technology and/or information security may be substituted for the educational requirement. • Current certification in at least one (1) of the following highly preferred: o Global Information Assurance Certifications (GIAC) o Certified Ethical Hacker (CEH) o Certified Information Security Manager (CISSP) o Certified Information Security Manager (CISM) B. EXPERIENCE: • In addition to the educational requirement, four (4) years of information security experience, preferably in healthcare, demonstrating in-depth knowledge and ability to independently design and manage complex security controls and processes. • Experience to demonstrate the following IT Security Management experience: o SIEM management and reporting o Incident Response/Management o Threat & Vulnerability Management o Security appliances & tools including IDS, IPS, web/e-mail filtering, DLP, etc. o Expertise with offensive tools such as: Metaspoit, Kali Linux, Cobalt Strike, Mimikatz or a similar tool. o Technical expertise in system security vulnerabilities and remediation techniques, network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, etc.). o Demonstrated ability to create complex scripts, develop tools, or automate processes in Python or other relevant command languages. o Highest level of technical expertise in cybersecurity, including deep familiarity with relevant penetration and intrusion techniques and attack vectors. Equal Opportunity Employer/Disability/Vet