IT Security Engineer
Location: Des Plaines
Posted on: January 10, 2022
You are known for your complex problem-solving abilities and
creative mind, aiding in your ability to anticipate potential
threats and design systems to preempt them. You lead with
credibility and independence - empowering teams to meet business
and IT security goals. You have rock-solid integrity, maintain
confidentiality, and cultivate an environment of trust on behalf of
patients, healthcare providers, employees and administrators, and
nurture a culture of compliance by leveraging your in-depth
knowledge of HIPAA/HITECH, PCI, GDPR and other regulatory and legal
standards. You have risk and compliance control and hands-on
experience with security and architecture of infrastructure
If this sounds like you, read on!
The IT Security Engineer leads data security standards, driving the
security strategy and implementations resulting in safeguarding the
organization's protected health and other confidential or sensitive
information from security threats and cyber-hacking. This role is
responsible for the operational compliance to HIPAA/HITECH, PCI,
GDPR, and similar standards and regulations. This position serves
as a trusted advisor to the Director, CIO, and the Academy senior
management team to establish information security standards,
recommendations, and controls as an integrated part of strategic
growth planning and ongoing process improvement.
Devises strategies and implements IT solutions to minimize the risk
of cyber-attacks. Coordinates external audits and IT security risk
assessments and provides recommendations to minimize threats.
Maintains compliance with the latest HIPAA/HITECH, PCI, GDPR
regulations and requirements by adhering to industry standard
cyber-security frameworks. Tracks the latest IT security
innovations and keeps abreast of cyber threats and security
technologies. Communicates with key stakeholders about IT security
Leads incident response situations when cyber threat actors are
detected and active based on the AAOS Incident Response
Develops and maintains data security and privacy policies and
procedures related to the proper handling and use of confidential
information across the organization. Ensures that business
processes incorporate the proper audit controls that demonstrate
compliance with policy.
Coordinates regular training and education of Academy staff in
information security methods and controls to maintain compliance.
Champions and educates the organization about the latest security
strategies and technologies.
Responds to security assessment questionnaires from stakeholder
institutions. Implements an effective process for the reporting of
security incidents. Oversees the investigation of reported security
breaches and develops strategies to handle security incidents and
trigger investigations. Manages vendor relationships with security
experts and advisors.
Implements Risk Management program to conduct a continuous
assessment of current IT security practices and systems and
identifies areas for improvement. Delivers new security technology
approaches and the implementation of next generation solutions.
Provides leadership to the technology team and developing staff.
Tracks remediation of risks in the central risk register and meets with
leadership teams to align on progress of improving the
organization's security posture.
Ensures that proper monitoring of security vulnerabilities and
hacking threats in computers, networks, cloud, and hosted systems
is in place. Provides leadership to ensure business continuity in
the event a security breach occurs, or a disaster recovery plan is
Implements Third Party Vendor Risk Management Program. Assesses
third-party vendors, reviews contractual security language, and
implements a process to hold vendors accountable after they
experience security breaches.
Supports and participates in legal/privacy contract negotiations
with Third Party vendors.
Implements Continuous Monitoring to reassess third parties on a
Implements/manages GRC tool to track and assess risks.
Implementation/documentation of exception process.
Governance over identity access management requests and firewall
Exemplifies the following essential values of the Academy:
Teamwork: Effective collaboration and team-focus to solve complex
problems and drive innovation.
Empowerment: The authority, information, and skills to make
decisions and drive results.
Accountability: Ownership of process and results that drive
decisions and ensure implementation.
Mindset of Growth/Continuous Learning: Focused on and invested
in self and staff development to become more adaptable, making the
Academy more agile, innovative, and sustainable.
Leadership skills - capable of empowering and leading teams to meet
business and IT security goals
Ability to adapt to a fast-moving/heavy lift IT landscape and keep
pace with latest thinking and new security technologies
Excellent communication skills - providing verbal and written
communication that is outstanding to both direct reports and senior
management as well as other stakeholders
Flexible and adaptable - capable of changing direction where
required and showing flexibility to meet new demands
Ability to develop and carry out information security plans and
Creative thinking - able to look at alternatives and consider new
ways of thinking to problem solve
Multi-tasking - can manage several concurrent projects and
Bachelor's degree is required in computer science or similar.
Information security certification required or currently pursuing
with a specific date for certification.
Must possess a strong working knowledge and understanding of
Must possess excellent analytical and planning skills
Must possess excellent written and verbal communication skills as
well as demonstrated presentation, organizational, facilitation,
and problem-solving skills
Provide awareness training of the workforce on information security
standards, policies and best practices including conducting and
reporting on quarterly email phishing campaigns.
Manage and lead security incident response efforts
Monitor networks and systems for security breaches, utilizing
technology that detects intrusions and anomalous system
A minimum of 5 years IT security experience or proven comparable
recent information security experience in a leadership role
Technical Security resource for Office of General Counsel and
Corporate Compliance and Integrity
Azure and cloud platform as a service (PaaS, IaaS, and SaaS)
Endpoint security solutions, including file integrity monitoring
and data loss prevention
Planning, researching and developing security policies, standards
Knowledge of risk assessment tools, technologies and methods
Expertise in anti-virus software, IDS/IPS, firewalls, SIEM, and
Expertise in designing secure networks, systems and application
Demonstrated knowledge of the latest IT thinking and threat
modelling methods together with a creative drive
Change management and business process experience is ideal together
with a proven track record of driving large-scale change
A proven record of dealing with complex projects and meeting
If this describes YOU, please apply by sharing the following:
- Clearly communicate why you are the ideal candidate for this role,
providing specific examples and experiences as proof points.
- Attach your resume, cover letter and any additional materials that
support your application.
This position is based in Rosemont, Illinois and is open to
applicants who are able to relocate to commuting distance to that
office. Alternatively, the position may be performed remotely and
is open to applicants in any U.S. state other than California,
Colorado, Montana and New York.
AAOS requires all employees to be fully vaccinated against
COVID-19. An applicant (i) who is disabled or who has a
qualifying medical condition that contraindicates a COVID-19
vaccination, or (ii) who objects to being vaccinated on the basis
of a sincerely held religious belief, observance or practice may
request a reasonable accommodation. This determination will be
made on a case-by-case basis and in accordance with applicable law
and public health guidance. Any medical information concerning an
applicant's disability will be treated as a confidential medical
record in compliance with applicable federal, state and local laws.
Exemptions from the vaccine policy may also be provided to fully
remote positions that do not involve any business travel or
in-person work activities.