Information Security Engineer

Remote, | IT (Information Technology)

Position Summary:

Safeguard GoHealth’s computer networks, systems, users and data by building and promoting the enterprise-wide IT Governance, Risk, Security, Privacy and Compliance Programs. The objectives of these programs are to identify potential risks, consult on possible solutions, and assist in determining the best balance of risk, cost, and business benefit to adequately protect critical company assets. 
Plan and carry out security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks. Work as part of the larger IT team and be responsible for educating the workforce on information security through training and building awareness.
Install and use software, such as data encryption programs, to protect organizations’ sensitive information. Also assist computer users with installation or processing of new security products and procedures. 
Conduct periodic scans of networks to find any vulnerability. Also conduct penetration testing, through simulated attacks on the system to highlight or find any weaknesses that might be exploited by a malicious party.
Constantly monitor the organization’s networks and systems for security breaches or intrusions. Install software that helps to identify intrusions and watch out for irregular system behavior.
  • High School Diploma or GED required
  • Bachelor's degree in information systems/information security or equivalent work experience in Information Security or a closely related field involving Security standards and regulations (such as HIPAA, PCI-DSS 3.2, ISO 27001, HITRUST and NIST) with a solid understanding of network security protocols and methodologies. required
  • Healthcare experience required
Work Experience 
  • 3+ yrs of Systems Engineering or Network Engineering required
  • 2+ yrs of Info Security or similar responsibilities required 
Required Licenses/Certifications
  • Security + or SSCP
Additional Knowledge, Skills and Abilities Required 
  • Direct experience with anti-virus software, intrusion detection, network security, firewalls and content filtering
  • Knowledge of risk assessment tools, technologies and methods. (for example SIEM solutions). Must understand architecture, implementation, deployment and support of these tools.
  • Experience designing, maintaining and supporting secure systems and application architecture revolving around personal health information and payment processing transactions.
  • Knowledge of disaster recovery, computer forensic tools, technologies and methods
  • Compliance experience in implementing IT security controls for NIST800-53r4, HIPAA, ISO27001/27002/27018, PCIDSS, and/or SOX programs.
Additional Knowledge, Skills, and Abilities Preferred 
  • Ability to read and use the results of email transport protocols, malicious code, and anti-virus software
  • Strong understanding of endpoint and network security solutions including vulnerability scanning, file integrity monitoring and data loss prevention
  • Azure/Cloud experience and knowledge 
  • Experience implementing and administering security features and tools within Office 365 environment
  • Other Security certifications a plus, including HCISPP, CISSP, CISM, CISA or related/comparable credentials.
  • Experience using OneTrust Privacy Software a plus.
  • Plan, design, enforce and audit security policies and procedures which safeguard the integrity of and access to enterprise systems, files, and data elements.
  • Protect systems by defining access privileges, control structures, and resources.
  • Recognize and identify potential areas where existing data security policies and procedures require change, or where ones need to be developed or improved, especially regarding future business expansion.
  • Recognizes problems by identifying anomalies; reporting and investigating risks, concerns, or violations.
  • Implements security improvements by assessing the current situation; evaluating trends; anticipating requirements.
  • Creates, participates, and executes on strategic plans to continually improve and optimize information security across the GoHealth Urgent Care enterprise structure
  • Determines security violations and inefficiencies by conducting periodic audits.
  • Upgrades system by implementing and maintaining security controls.
  • Keeps users informed by preparing performance reports; communicating system status.
  • Maintains quality service by following organization standards.
  • Maintains technical knowledge by attending educational workshops; reviewing publications.
  • Contributes to team effort by accomplishing related results as needed.
  • Ability to relate business requirements and risks to policy and technology implementations to key business stakeholders.
  • Conduct Phishing evaluations and Security Awareness training for end users.
  • Works in cross-functional teams to implement security measures and times both face-to-face and via written communication.
  • Writing and maintaining information security policies and procedures.

All qualified persons are granted an equal opportunity for employment without regard to race, color, religion, sex, sexual orientation and gender identity or expression, age, national origin, citizenship status, disability, genetic information, medical condition, family care leave status, pregnancy or pregnancy-related condition, otherwise qualified disabled or veteran status. The company will comply with all fair employment laws in each of the jurisdictions where we conduct business.

Job, emergency, healthcare, licensure, medical, clinical, wellness, career, employment, opening, staff, benefits, health care, clinic, primary care, urgent care

Why GoHealth?

GoHealth Urgent Care has outstanding career opportunities in Connecticut, Delaware, Missouri, New York City, North Carolina, Northwest Arkansas, Oklahoma City, San Francisco and the Portland-Vancouver area. And all of these positions have one thing in common: flexibility to practice urgent care medicine the way it was meant to be, without the stress and bureaucracy of hierarchical organizations. With reasonable work hours that don’t emotionally exhaust them or burn them out, our team can balance and prioritize their professional and personal lives.