About the position
At Healthy.io we turn the smartphone camera into a clinical-grade medical device by using a bit of computer vision and a lot of magic. We're seeking a talented and motivated Senior Security Officer to join our team at Healthy.io!
In this role, you'll work closely with our entire team and report directly to our Information Security Director, using your experience in compliance frameworks and modern systems to assist with all information security processes and activities.
We're looking for a well-organized and tech-savvy team player who can balance a process-oriented approach with a strong technical focus, and make an immediate impact within our dynamic and growing team.
As a company working in the digital healthcare field, maintaining high security standards is crucial to us - from cyber-security and information security, to compliance and protecting private data.
If you're passionate about working in a regulatory framework while being part of an agile and innovative team, this could be the perfect opportunity for you!
Requirements
- Experience working in the Healthcare industry conducting security risk assessments or IT audits using standardized processes such as NIST SP 800-30, ISO 27001, SOC 2, or similar
- Experience working with cybersecurity controls frameworks and data privacy regulations such as NIST SP 800-53, ISO 27001/2, HIPAA, CIS Controls, NIST CSF, HITRUST, GDPR, CCPA, or similar
- Excellent written and oral communication skills with an ability to effectively communicate security considerations to technical and non-technical audiences
- Detail-oriented and organized, with good analytical and problem-solving abilities
- Ability to manage and lead multiple complex projects in a fast-paced, dynamic operational environment, including ability to support flexible schedules for 24×7 crisis operations.
- Experience with tools including vulnerability scanners, IPS/IDS, and SIEM.
- Ability to identify issues, problems, and critical factors, and develop methods for corrective action
- Proven ability to learn, show autodidactic skills, work well with a team, manage stressful situations and show initiative.
- Established project management skills; able to independently manage and complete projects without constant supervision from a direct manager
- Excellent understanding of, and experience in developing mitigation strategies to combat the risks associated with, current and emerging threats, vulnerabilities, and attack vectors used to compromise enterprise and critical infrastructure.
- 10+ years of Cyber Security experience with at least 5 years focusing on security operations, incident response or cyber threat investigations.
- Strong knowledge of SIEM technologies and hands-on experience with at least one of the following technologies: Splunk, Coralogix, QRadar.
- Minimum 7 years professional experience in audit, IT audit, cloud audit, risk management, IT security and / or similar compliance functions.
- Hands-on experience scripting with automation tools (e.g. Torq)
- Strong knowledge of security and control standards and frameworks such as HIPAA, HITRUST, NIST CSF & 800-53, ISO27001, SOC-2, PCI-DSS or similar frameworks - their use and assessment.
- Relevant security and/or risk certifications such as GIAC Certified Incident Handler (GCIH), EC-Council Certified Incident Handler (ECIH), GIAC Certified Detection Analyst (GCDA), or GIAC Cloud Forensics Responder (GCFR)
- Hands-on experience working with AWS and GCP cloud environments.
- Experience handling security conversations and concerns from Healthcare customers.
- Experience with IT Security Assessments.
- At least 2 years of experience in security engineering, coding and scripting; knowledge of SDLC methodology
You will love this job if:
- You believe in the integration of Governance, Risk and Compliance activities that can empower a company to provide a compliant business model, manage significant risks to the business' goals and objectives, and provide accurate information to empower better decision making.
- You are a strong critical thinker and enjoy working on challenging problems.
- You enjoy partnering and collaborating with a range of business professionals.
Role & Responsibilities
- Manage local and support regional and global Governance, Risk and Compliance initiatives and activities.
- Lead and participate in HIPAA, ISO 27001, ISO 22301, HITRUST compliance assessment, evidence collection, and reporting.
- Lead and participate with Incident Response and Business Continuity to include running frontal training, senior management table-top exercises and live testing and improving the current state.
- Interact with cross-functional teams and manage multiple projects simultaneously, including deadlines (such as annual penetration testing efforts, from scoping to finalized reports)
- Lead the Request for Information (RFI) process from importing the security questionnaire to the RFI platform until project completion; train other team members to create local “Champions”.
- Promote the compliance and security mindset: organize the development and delivery of required communication campaigns, awareness programs, phishing simulations and training for different focus groups and different internal and external stakeholders.
- Support the Director of Information Security as a liaison to senior executives on matters of cyber security and cyber risk, to foster the execution of cyber security as a business enabler.
- Collaborate with architects, DevOps/SRE, IT & security specialists to ensure required security solutions are in place throughout all IT systems & cloud platforms to mitigate identified risks sufficiently and to meet business objectives.
- Collaborate with DevOps/SRE, IT & security to plan, execute, manage and evaluate their infrastructures using cutting-edge SIEM tools and technologies such as Splunk or Coralogix to enhance IT security and safeguard infrastructures, incorporate various forms of data recording into projects and use cases, develop security policies based on findings, and plan cyber event & response processes.
- Investigate intrusion incidents, conduct forensic investigations and mount incident responses, and respond to information security issues during each stage of a security event.
- Stay up-to-date with new security threats, vulnerabilities, and best practices and incorporate them into the security posture.
or send your CV to [email protected]