Information Security Engineer

Your opportunity As an Information Security Engineer, you play a critical role in designing and implementing security mechanisms to protect Vytalize data and information systems. Responsibilities involve assessing risks, designing information system security architecture. Performing regular control assessments to identify control deficiencies and coordinating security risk assessments across the ecosystem, audits or information security program certifications. Conducting third party information security risk assessments. Working as a team to respond and manage information security events. What You Will Do Incident Response • Assist in the testing of the incident response plans to effectively address and mitigate security breaches or compliance violations. • Assist in the testing of the business continuity plans and disaster recovery plan to effectively sustain business process and to effectively restore the operability of a system, application, or infrastructure to effectively restore the operability of a system, application, or infrastructure during and after a cyber incident disruption. • Responding and resolving information security events and escalation. Security Architecture Design • Evaluate and assess security technologies, tools, and solutions to determine their suitability and effectiveness in addressing the organization's security needs. • Design cloud security strategies, and implement controls to protect data, applications, and infrastructure hosted in the cloud. • In coordination with the information security team, design security architecture to protect an organization's entire IT infrastructure, including networks, systems, applications, and data that align with business objectives and compliance requirements. Risk Assessment and Audits • Maintain and monitor the cyber security risk register with the risks, risk ratings, risk mitigation strategies and action plans. • Assist with data gathering and coordination with the various teams for audits and risk assessments. Training and Awareness • Monitor the training campaigns to demonstrate the effectiveness of the training program and improve phishing detection and response. Supplier Risk • Conduct vendor risk assessments to identify and document potential supplier cyber security risks, threats, and vulnerabilities for management approval. • Develop a process for third-party compliance requests monitoring and tracking and ensure timely completion Compliance Oversight • Collaborate with internal and external audit teams, providing documentation and evidence as needed to demonstrate compliance and adherence to the information security policies. • Develop and maintain a cyber security framework continuous assessment process to provide assurances that the controls in place are operating effectively. Vulnerability Management • Monitor remediation of the vulnerability assessment findings, including penetration test, Collaboration and Communication Collaborating with cross-functional teams • Communicate security risks, issues, and recommendations to senior management and stakeholders. What will make you successful here • Work experience in the healthcare information security field. • Previous Health Information Technology (HIT) experience implementing controls to meet federal security and privacy regulations. • 3+ years of relevant work experience in IT security in a complex enterprise environment, preferred. • Demonstrated knowledge of information technology processes, risks, infrastructure, and information security. • Experience with incident response and vulnerability management. • Knowledge of Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH), and Payment Card Industry Data Security Standards (PCI DSS). • Experience with information security assessments and audits. • Strong written and verbal communication skills • Effective collaboration with stakeholders across departments and affiliated organizations. • Ability to analyze information system security design and recommended configuration. • Detailed oriented. • Preferred expertise in security assessment methodologies. • Ability to work effectively in a complex enterprise environment. Perks/Benefits • Competitive base compensation • Annual bonus potential • Health benefits effective on start date • Health & Wellness Program; up to $300 per quarter for your overall well-being available on start date • 401K plan effective on the first of the month after your start date; 100% of up to 4% of your annual salary • Unlimited (or generous) paid "Vytal Time", and 5 paid sick days after your first 90 days • Company paid STD/LTD • Technology setup • Ability to help build a market leader in value-based healthcare at a rapidly growing organization • Please note at no time during our screening, interview, or selection process do we ask for additional personal information (beyond your resume) or account/financial information. We will also never ask for you to purchase anything; nor will we ever interview you via text message. Any communication received from a Vytalize Health recruiter during your screening, interviewing, or selection process will come from an email ending in @vytalizehealth.com • We fully embrace the power of AI and encourage innovative, responsible use of emerging technologies in our work. However, during the interview and assessment process, it’s essential that we evaluate your individual skills, problem-solving ability, and technical mastery without external assistance. Candidates must complete all interviews and assessments independently. Use of AI tools, platforms, or automated assistance during interviews or assessments is not permitted. Unauthorized use will result in immediate disqualification from the hiring process and withdrawal of employment consideration. Our goal is to ensure a fair and accurate assessment of your true capabilities—the same creativity and critical thinking we value once you join our team. Apply tot his job