New York, New York
Information Security Engineer
Imagine a workplace that encourages you to interpret, innovate and inspire. Our employees do just that by helping healthcare payers manage the cost of care, improve competitiveness and inspire positive change. You can be part of an established company with a 40-year legacy that helps our customers thrive by interpreting our client’s needs and tailoring innovative healthcare cost management solutions.
Our commitment to diversity, inclusion and belonging are part of the fabric of our company. We strive to create a workplace that fosters mutual respect and collaboration, where every talented individual can participate and perform their best work. We are MultiPlan and we are where bright people come to shine!
Please note: Our offices are currently closed due to the pandemic. If offered the position you would start by working from your home. However, when we fully reopen later this year this would transition to working from either our Naperville, IL, Bedford, MA, Irving, TX or New York City offices.
This position supports the Information Security Group in assuring that the corporate network, as well as (external) services are secure from external (cyber) attacks and leakage of information to the outside world. This is a highly specialized technical role requiring hands on support of the security operations function of the network and system infrastructure. This position will carry out technical operational processes surrounding vulnerability assessment/management, event monitoring/correlation, intrusion detection and prevention, investigations, security awareness, incident response, and cyber security.
Your specific job duties will include:
1. Design, implement and maintain technical security programs including but not limited to Vulnerability and Threat Management, Data Loss Prevention, Security Event Monitoring and Response.
2. Ensure security of the IT infrastructure, conduct periodic reviews of user IDs, protect the confidentiality and integrity of information, maintain the technical mechanisms and corresponding legitimate access, and comply with all relevant internal control processes as well as IT Security and Privacy Laws and Regulations.
3. Utilize third party tools to participate in the performance of internal and external penetration testing to identify and address information system security vulnerability.
4. Serve as a cyber-security subject matter expert to support cyber-risk analysis programs through the execution, analysis, and documentation of cyber-security surveys and risk-assessments.
5. Aid in the development and maintenance of relationships with various business functions including but not limited to internal audit and third party auditors. Participate in Information Security Group initiated audits and reviews of assigned business processes to evaluate adequacy of controls within IT.
6. Lead and monitor the execution of infrastructure security processes and ensure secure user access. Oversee support, security and troubleshooting for:
a. Corporate event logging appliances and software.
b. Access security badge keycard systems.
c. Closed circuit cameras and digital video recorders.
d. Cisco IDS sensors and firewall.
8. Oversee the development and maintenance of IT Policies and Procedures with the various process owners, and publish the latest versions on our intranet web site.
9. Identify, collaborate, coordinate and communicate opportunities for strengthening IT security throughout the company. Organize and coordinate Vulnerability Management process in all platforms.
10. Ensure compliance with HIPAA, SOX, HITRUST, and SOC1/2 regulations and requirements.
11. Demonstrate Company’s Core Competencies and values held within.
12. The position responsibilities outlined above are in no way to be construed as all encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary.
This role works under minimal supervision and exercises discretion when making decisions related to job responsibilities. The incumbent relies on varied knowledge gained through previous experience with non-standard issues to review, analyze, and draw conclusions. One has authority to act on resolutions of extraordinary issues and provides input to how information is presented to the client and communicates results to Supervisor on a weekly basis. The impact on day-to-day operations focuses on operating decisions at the major project or functional level. Work will be subject to occasional review by Supervisor. The incumbent fields questions from a variety of sources both within and outside the Company.