Sr Engineer, Info Sec - Vulnerability/Risk Assessments - Azure - Remote
Molina Healthcare
United States
Job ID 2008408
Responsible for ensuring Molina compliance with both regulatory and company Information Security policies. Conduct various types of Information Security compliance and risk assessments. Monitor compliance by internal business units with security standards and policies. Maintain an awareness of state, federal, and company-established Information Security regulations/policies. Able to work with all levels of staff, management, and third-party service providers to identify and resolve areas of non-compliance.
• Work on a project basis to address Molina compliance as mandated by PCI DSS, Cloud Security (CSA), HIPAA, and Federal & State Regulations as well as new regulatory and/or company-established requirements.
• Conduct security compliance assessments based on industry security standards and internal risk management policies.
• Conduct security compliance testing to verify corporate security controls meet the latest requirements.
• Conduct cloud security assessments to ensure the overall security of the cloud computing environment.
• Execute Molina's HIPAA Security Compliance Program, including performing assessments of new and existing application systems and monitoring remediation efforts by the business units.
• Work with Molina IT groups and business owners to ensure new and existing application systems comply with mandated regulations and Molina IT security policies.
• Evaluate and provide recommendations to IT teams and third parties on how to address areas of non-compliance.
• Maintain an awareness of state and federal regulations & legislation and other governing requirements.
• Independently manage multiple priorities and projects.
• Knowledge of TCP/IP, Network security, Cyber Security best practices, Server Hardening, Endpoint Security, Encryption of data-at-rest and data-in-transit, Identity Management/Access Control, Active Directory, Windows server, Linux, databases, vulnerability/patch management, SDLC, OWASP Top 10, and other network/system security fundamentals and best practices.
• Excellent verbal and written communication skills.
• Ability to maintain attendance to support required quality and quantity of work.
• Ability to establish and maintain positive and effective work relationships with coworkers, clients, members, providers and customers.
• Performing project management tasks as necessary, including working with various stakeholders to track and ensure timely completion of compliance-related efforts.
• Coordinate with both business and IT stakeholders to align compliance requirements with business objectives.
• Utilizing technical knowledge of various IT technologies and security implementations to continue to improve and mature processes.
• Providing security recommendations as needed to maintain compliance with company policy requirements, Cloud Security framework, NIST, HIPAA, etc.
Bachelor's degree in Information Systems, Cyber Security and/or related field (or equivalent work experience).
• Minimum 5 years in IT Security, Server engineering, IT compliance, vulnerability management and/or other relevant information security and risk management.
• Previous experience in performing assessments against PCI DSS, Cloud Security (CSA), NIST, HIPAA or other State & Federal regulations.
• Strong research, analytical, and problem-solving skills. Highly developed communication skills, including preparing and presenting results, findings, and recommendations, and influencing management decision making based on the best available data.
• Familiarity with Information Security control areas, including, but not limited to, Active Directory/Group Policies, database, data encryption, vulnerability scanning/remediation, networking, server hardening, access control, physical security, application security, endpoint security, Azure, Windows/Linux, etc.
• Identification of new and relevant changes to regulations impacting the compliance of the organization.
• Work with minimal supervision to perform required job responsibilities.
• Excellent written and verbal communication skills with all levels of staff.
• Any other duties as assigned by management.
Desired Qualifications, Education and Experience Requirements:
CISA, CISM, CISSP
• PCI Internal Security Assessor (ISA) or Qualified Security Assessor (QSA).
• One or more of the following certifications: CISA, CISM, CISSP.
• Performing IT security compliance assessments/audits within the Healthcare industry.
To all current Molina employees: If you are interested in applying for this position, please apply through the intranet job listing.
Molina Healthcare offers a competitive benefits and compensation package. Molina Healthcare is an Equal Opportunity Employer (EOE) M/F/D/V.
Molina Healthcare is a nationwide Fortune 500 organization with a mission to provide quality healthcare to people receiving government assistance. If you are seeking a meaningful opportunity in a team-oriented environment, come be a part of a highly engaged workforce dedicated to our mission. Bring your passion and talents and together we can make a difference in the lives of others.
Job Type: Full Time
Posting Date: 06/03/2021