Job Posting: Come join us and find out why Cedars-Sinai has been ranked as one of the top 100 best places to work in IT as ranked by 2017 Computerworld Magazine. Job Summary: Responsible for supporting the creation and implementation of more complex security architectures and secure application designs for information systems. This includes: guiding application developers and support teams with secure application design, planning and integration; conducting security architecture reviews, provides secure application and infrastructure solutions, end-to-end; designing and implementing mechanisms and programs that restrict access of malicious intent and other unauthorized users; introducing new security methods and technologies for integration with existing technical architectures, frameworks, implementation planning, documentation of best practices, and templates; assessing security threats and risks, recommend and assist in the delivery of solutions to mitigate risks; educating project stakeholders in the need for and the use of security technology; leading the creation and administration of data security policies, procedures, and standards; and leading access audits and conducting complex computing forensics. Job Responsibilities: These duties are not meant to be all-inclusive and other duties may be assigned.
Participate/Lead the Security Incident Response Team (SIRT).
Help SIRT to employ strategy, standards, processes and technology to detect, respond and recover from security incidents and to limit the impact of any such occurrence or reoccurrence by using risk-based triage.
Contribute to the InfoSec risk model, and in coordination with other IT teams, establish plans to securely manage the cyber risks associated with business activities and technical implementations.
Serve as a security expert in network or application design, operating systems, endpoint protection, mobile devices, and foundation InfoSec technical controls.
Help project teams comply with InfoSec policies, industry regulations, and best practices.
Work with enterprise architects, other functional area architects, analysts and project teams ensuring InfoSec solutions are in place throughout all IT systems to mitigate identified risks sufficiently, while meeting business objectives and regulatory requirements.
Ensure that business and technical requirements are aligned to policy and are implemented within regulatory and contractual compliance. Advocate for cyber risk mitigation during planning sessions and implementation of new services.
Contribute to the development and maintenance of the information security strategy.
Contribute or Lead forensic investigations/analysis, including collaboration with governmental agencies, as needed.
Leverage security monitoring tools to evaluate and improve the security of organization systems and network.
Maintain and support the security tools suite to ensure logged data fidelity and integrity.
Mentors and trains others in security concepts and techniques
Bachelor's degree in Computer Science/related discipline or the equivalent in education and work experience.
Minimum of 5 years experience as a security specialist with knowledge in solution design, deployment, and operations in desktop, server, network and server technologies.
Security certification from SANS or equivalent (GIAC, GSEC, SSCP; CISSP) is required.
Demonstrated understanding of computer/network security, operating systems, such as UNIX/LINUX, Windows and NT, LAN/WAN networking protocols such as TCP/IP, routing, firewalls, IDS/IPS, PKI and encryption.
Advanced understanding of current information security concepts, methods, best practices and technologies as applied to the enterprise environment, specifically including: o Information Classification, o Network security protocols, methods and technologies, o Application and Web Layer Security (Web 2.0, Secure Messaging, Secure Protocols), o Continuity of operations planning and disaster recovery strategies and architectures, and o Identity Access Management and Access Control.
Advanced knowledge of, and experience with regulatory and compliance information security frameworks, standards and best practices (NIST, ITIL, HIPAA, PCI-DSS, ISO 27000 series, etc.).
Proficient with office automation, project management and communication tools
Ability to work with system engineers to standardize departmental based information systems security.
Able to collaborate with colleagues and share information, resources and ideas.
Providing healthcare for more than 100 years, Cedars-Sinai has evolved into one of the most dynamic and highly renowned medical centers in the world. Along with caring for patients, Cedars-Sinai is a hub for biomedical research and a training center for future physicians and other healthcare professionals. This attracts exceptional talent to Cedars-Sinai, including world-renowned physician-scien...tists who seek a place where they can both conduct research and see patients--the ideal formula for discovery and its translation into cures. Our patients benefit from access to doctors at the top of their fields, and our researchers have an ideal community in which to study the impact of healthcare challenges, and reflect that knowledge in their research. The greater Los Angeles area in which Cedars-Sinai resides possesses unparalleled cultural and ethnic diversity which offers outstanding opportunities for translational and clinical research and a dynamic environment for medical education.Although community based, Cedars-Sinai is a major teaching hospital affiliated with the David Geffen School of Medicine at the University of California, Los Angeles (UCLA). Cedars-Sinai has highly competitive graduate medical education programs in more than 50 specialty and subspecialty areas, a graduate program in biomedical sciences and translational medicine, a clinical scholars program directed towards junior physicians with aspirations to become clinical scientists, and post graduate training opportunities.There are more than 250 full-time faculty members at Cedars-Sinai. The voluntary medical staff, comprised of more than 2,200 specialty board-certified or board-qualified physicians, represent all of the specialties and subspecialties and collaborate with full-time medical staff in the teaching responsibilities of the graduate medical education programs.