Conifer Information Security Director- Remote

Job ID: 2205001380

Date posted: 01/17/2022

Facility: Conifer Health Solutions

Job Details

As a part of the Tenet and Catholic Health Initiatives family, Conifer Health brings 30 years of healthcare industry expertise to clients in more than 135 local regions nationwide. We help our clients strengthen their financial and clinical performance, serve their communities and succeed at the business of healthcare. Conifer Health helps organizations transition from volume to value-based care, enhance the consumer and patient healthcare experience and improve quality, cost and access to healthcare. Are you ready to be part of our solutions? Welcome to the company that gives you the resources and incentives to redefine healthcare services, with a competitive benefits package and leadership to take your career to the next step!

JOB SUMMARY

The Director, Information Security (Senior Security Architect) is responsible for establishing the strategic technical security roadmap for the entire Conifer Enterprise and defining the future roadmap to meet both current and emerging cybersecurity threats. Specific responsibilities include identifying advanced technologies that will ensure the confidentiality, integrity, and availability of sensitive data regardless of the location, ensure access to data is limited to only authorized individuals and systems, and then leading the requirements definition process. The Senior Security Architect will participate in the product or service demonstration, source selection, and contract negotiation with prospective vendors. The Senior Security Architect is also responsible for designing the infrastructure needed to migrate on-premises solutions into a Cloud environment.

The Director (Senior Security Architect) supports the Conifer enterprise by leading diverse teams of contractors and security professionals through the design, systems integration, engineering, and implementation of security tools. The Director (Senior Security Architect) is responsible for the integration of various security tools to ensure a positive user experience (UX) through the standardization of similar user interface (UI). The Director (Senior Security Architect) will also participate in internal and external audits, serving as the Subject Matter Expert to rationalize design decisions and explain security controls and metrics.

The Director will also be responsible for developing the investment roadmap, planning, and executing the expenditure of capital funds, and representing the risk-reward to executive leadership.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Include the following. Others may be assigned.

  • Design and document an enterprise security architecture to mitigate the cyber threats to Conifer Health’s data, operations, and physical assets.
  • Serve as the subject matter expert on emerging security technologies, industry roadmaps.
  • Single technical and operational subject matter expert for implementing all Conifer security operational tools.
  • Provide direction to Conifer security team members for security engineering and operations.
  • Manage security vendors implementation of technology and tools to ensure compliance with contracted deliverables.
  • Research, draft, and review security technical requirements; evaluate prospective vendors, participate in pricing negotiations.
  • Serve as the technical ‘face to the customer’ for responding to security questionnaires, technical demonstrations, and incident reporting.
  • Demonstrate understanding and implementation experience of technical and physical protection strategies through the implementation of advance products and architectures including encryption, networks, hardware, and software development life cycle.
  • Support external and internal audit requirements (HIPAA, NIST CSF, ISO 27001, SOC 2, etc.) through the collection of evidence, participation in operational discussions, and demonstration of compliance with published policies, standards, procedures, and security frameworks.

FINANCIAL RESPONSIBILITY (Specify Revenue/Budget/Expense): $1 Million

SUPERVISORY RESPONSIBILITIES

This position carries out supervisory responsibilities in accordance with guidelines, policies and procedures and applicable laws. Supervisory responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and disciplining employees; addressing complaints and resolving problems.

No. Direct Reports (incl. titles) Lead, Analyst (Security Architect)

No. Indirect Reports (incl. titles) Security Implementation Teams: (up to 10 separate simultaneous vendor contracts)

Qualifications:

Conifer requires its candidates, as applicable and as permitted by law, to obtain and provide confirmation of all required vaccinations and screenings prior to the start of employment. This may include, but is not limited to, the COVID-19 vaccination, influenza vaccination, and/or any future required vaccines and screenings.

KNOWLEDGE, SKILLS, ABILITIES

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Knowledge:

  • Computer networking concepts and protocols, and network security methodologies.
  • Design and configuration of security components used in public-Cloud architectures, specifically Microsoft Azure.
  • Security products to support a public Cloud architecture, including mobile device access.
  • Risk management processes (e.g., methods for assessing and mitigating risk).
  • Laws, regulations, and policies as they relate to healthcare cybersecurity and privacy.
  • Cybersecurity and privacy principles (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Cyber threats and vulnerabilities.
  • Identity Governance Administration, Privileged Access Management, and Access Management, including Zero Trust Architecture.
  • Applicable healthcare business processes and operations of healthcare organizations.
  • Identifying and remediating application vulnerabilities.
  • Communication methods, principles, and concepts that support the network infrastructure.
  • Capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware.
  • Cybersecurity capabilities and requirements analysis.
  • Cyber defense and vulnerability assessment tools and their capabilities.
  • Encryption algorithms, cryptography, and cryptographic key management concepts.
  • Database systems security.
  • Incident response, business continuity, and disaster recovery continuity of operations plans.
  • Organization’s enterprise information security architecture.
  • Installation, integration, and optimization of system components.
  • User interface / User Experience (UI/UX) human-computer interaction principles.
  • Industry-standard and organizationally accepted analysis principles and methods.
  • How traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • Remote access technology concepts.
  • Key concepts in change and configuration control, and vulnerabilities remediation (e.g., Release Management, Patch Management).
  • Software and systems engineering.
  • Systems testing and evaluation methods.
  • Network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • Organizational process improvement concepts and process maturity models (e.g., COBIT, Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).
  • Service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
  • Application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).
  • Cybersecurity-enabled software products.
  • Personally Identifiable Information (PII), Payment Card Industry (PCI), Personal Health Information (PHI) data security standards.
  • N-tiered typologies (e.g., including server and client operating systems).
  • Enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures.)
  • Integrating the organization’s goals and objectives into the architecture.
  • Organization’s evaluation and validation criteria.
  • Network design processes, to include understanding of security objectives, operational objectives, and trade-offs.

Skills:

  • Applying and incorporating information technologies into proposed solutions.
  • Designing countermeasures to identified security risks.
  • Designing the integration of hardware and software solutions.
  • Determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • Design modeling and building use cases (e.g., unified modeling language).
  • Using Virtual Private Network (VPN) devices and encryption.
  • Developing and executing test plans.
  • Configuring and utilizing software-based computer protection tools (e.g., software firewalls, antivirus software, anti-spyware).
  • Designing multi-level security/cross domain solutions.
  • Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic).
  • Supplying security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
  • Designing micro-segmentation as a control to protect local area networks (LAN).
  • Identify cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.

Abilities:

  • Ability, in close coordination with system security officers, advise authorizing officials, chief information officers, senior information security officers, and the senior accountable official for risk management/risk executive (function), on a range of security-related issues (e.g. establishing system boundaries; assessing the severity of weaknesses and deficiencies in the system; plans of action and milestones; risk mitigation approaches; security alerts; and potential adverse effects of identified vulnerabilities).
  • Apply the methods, standards, and approaches for describing, analyzing, and documenting an organization’s enterprise information technology (IT) architecture (e.g., Open Group Architecture Framework [TOGAF]).
  • Communicate effectively when writing.
  • Configure and analyze vulnerability scans and develop controls to remediate vulnerabilities in security systems.
  • Apply an organization’s goals and objectives to develop and maintain security architecture.
  • Optimize system security controls to meet enterprise performance requirements.
  • Apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Apply secure system design tools, methods, and techniques.
  • Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Serve as the primary liaison between the enterprise architect and the systems security engineer and coordinates with system owners, common control providers, and system security officers on the allocation of security controls as system-specific, hybrid, or common controls.
  • Identify critical infrastructure systems with information communication technology that were designed without system security considerations.

EDUCATION / EXPERIENCE

Include minimum education, technical training, and/or experience required to perform the job.

REQUIRED:

  • Bachelor’s degree in business or information systems
  • 5 years’ minimum experience in information security in an engineering role
  • 2 year minimum experience in a Cloud security architectural role
  • 3 year minimum experience in a managerial / leadership role
  • Certified in Information Systems Security Professional (CISSP)

HIGHLY DESIRED

  • Master’s Degree in information systems, cybersecurity, management, or business
  • 1 years’ minimum experience in healthcare or similar experience

WORK ENVIRONMENT

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Office Work Environment / but Remote Office is a potential
  • Must be able to respond to infrequent serious security incidents at any time

OTHER

  • Up to 15% travel required, 25% if working remote

JOB:Managers And Directors

PRIMARY LOCATION:Frisco, Texas

JOB TYPE:Full-Time

SHIFT TYPE:Days

Employment practices will not be influenced or affected by an applicant’s or employee’s race, color, religion, sex (including pregnancy), national origin, age, disability, genetic information, sexual orientation, gender identity or expression, veteran status or any other legally protected status. Tenet will make reasonable accommodations for qualified individuals with disabilities unless doing so would result in an undue hardship.
Tenet participates in the E-Verify program. Follow the link below for additional information.

E-Verify: http://www.uscis.gov/e-verify

More Information

Apply for this job

Leave your thoughts

Share this job