Ensure computer assets, protected health information, personal identifiable information, and other intellectual property are protected while maintaining compliance obligations to HIPAA/HITECH/PCI-DSS and Sarbanes-Oxley (SOX). Conduct audits with internal and external auditors and make recommendations as needed to improve compliance and the security culture. Be fully accountable for the management, maintenance and configuration of endpoint security protection, intrusion prevention/detection systems, vulnerability management systems, data loss prevention, and others. Assist in the development of VITAS’s security metrics program. Work closely with the IT and Technical Services teams to identify, document and mitigate security risks related to Authentication, Authorization and Accounting across all assets.. Enforces authorized access by investigating improper access; revoking access; reporting violations; recommending improvements. Monitor and escalate security incidents discovered throughout the organization. Investigate and document incidents as needed to ensure the confidentiality, integrity and availability of business critical systems and data protection. Monitor and review user provisioning for account databases. Maintain, monitor and review database auditing reports. Configure and automate consistent security alerting and reporting capabilities for network, application and host-based security systems Help protect network boundaries, keep computer systems and network devices hardened against attacks and provide security services to protect highly sensitive data like passwords and customer information. Work hands-on with network equipment logs and actively monitor our systems for attacks and intrusions. Work with software developers to proactively identify and fix security flaws and vulnerabilities. QUALIFICATIONS Minimum five years’ work experience in information technology and/or information security, preferably in the healthcare industry. Must possess a highly technical and analytical background. Operational knowledge of current information systems technology and security assessment in a variety of platforms. Knowledge of networks; network operating system, firewalls, penetration testing and vulnerability assessment tools is required. Experience with Netflow analysis and configuration Knowledge of virtualization Security Standards a plus. Experience with Mobile Device Management solutions Solid understanding of Active Directory. Strong understanding of database security. Strong understanding of SOX, PCI-DSS and HIPAA/HITECH requirements. Understanding of database redaction and auditing tools is a plus Familiarity with other types of auditing tools. Should have an understanding of SOX, HIPAA,HITEC and PCI-DSSstandards.. Detail, task oriented and ability to work on various assignments simultaneously. Ability to communicate tactfully, verbally and in writing with business users, managers and coworkers. Programming or powershell experience a plus but not required Linux/Unix platform knowledge is required.

Preferred Qualifications

5 years or more of relevant work experience analyzing the security of systems (penetration testing, Web Application security testing, vulnerability scanning, threat modeling, etc.). General security background in the use of cryptography, network/systems/physical security, authentication, authorization and usability. Knowledge of current threats, vulnerabilities, exploits (network-based and system-level) and mitigation methods. EDUCATION Bachelor’s degree in computer science or related field from an accredited college required.   Certification as a Certified Information Systems Security Professional (CISSP) and/or Systems Security Certified Practitioner (SSCP) is desirable. SPECIAL INSTRUCTIONS TO CANDIDATES EOE/AA M/F/D/V