Position Status: Full Time
Manager Systems Security
Under the direction of the Director of Site Operations, the individual will be involved in ensuring the protection, confidentiality and integrity of HealthStream hosted software offerings.
• Minimum 10 years' experience with two or more of the following:
o Windows 2008 and 2012
o Linux CentOS and Red Hat v6 and v7
o Windows IIS 7.X and 8.X
o Familiar with ASP.Net Web Application Services
o Exposure to scripting languages
o Knowledge of Microsoft SCCM and Patch Management best practices
o Knowledge of Nessus Vulnerability Scanners
• Currently holding or actively pursuing related professional certifications such as CISSP, GSEC, CISM or CISA is highly preferred
• Knowledge of the OWASP Top 10 and remediation of attacks against web applications, with the ability to convey the risks to IT and business stakeholders
• Familiarity with information system attack methods and vulnerabilities
• Knowledge of Cloud Architecture and deep knowledge of AWS and Azure deployments.
• Knowledge of Security Hardening Standards and Frameworks such as NIST, FedRAMP, HIPAA and PCI.
Key Job Responsibilities:
• Define and provide pragmatic security guidance that balances business benefit and risks.
• Engage IT teams throughout projects to identify and prioritize applicable security controls and provide guidance on how to implement these controls
• Perform risk assessments of information systems and infrastructure
• Maintain and enhance the Information Security risk assessment methodology
• Define security configuration standards for platforms and technologies
• Conduct technical security assessments and penetration tests
• Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit
• Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders
• Perform vulnerability assessments as needed
• Supports the mission and goals of the company.
• Demonstrates integrity and strong ethical standards.
• Committed to quality and its continuous improvement.
• Solves problems proactively.
• Committed to learning better and more efficient ways to accomplish tasks.
• Requires strong communication skills to interact with internal groups and customers to understand development requests.