Information Security Engineer Senior
Minneapolis, MN, United States
SUMMARY:
We are currently seeking an Information Security Engineer Senior to join our Information Security team.. This full-time role will work days. Primarily remote work but requires ability to report to campus last minute as needed.
Purpose of this position: The Information Security Engineer Senior is responsible for protecting the organization's digital information and computer network through the design, planning, implementation, and continued support of security measures to protect the organization's computer networks and systems. In addition to supporting the secure and compliant operations of the organization, the Information Security Senior Engineer will be expected to help identify, design, and implement new security controls based on needs and industry trends. A senior member of the Information Security team, this position requires a mindset aimed at safeguarding the organization's network assets, digital files, user accounts, PHI, and other sensitive information, as well as a continuous focus on improving the organization’s security posture.
RESPONSIBILITIES
Designs and implements Information Security controls and audits recommendations
Leads the identification and remediation of risks, threats, and vulnerabilities
Designs and conducts security and compliance assessments, including managing documentation and presentation of findings
Identifies opportunities to operationalize and automate elements of IT security and security operations
Leads efforts in the identification and remediation of risks, threats, and vulnerabilities
Responsible for maturing the vulnerability management program
Works independently to identify new vulnerabilities
Leads and participates in security incident investigations, which may include assisting with malware containment and incident response
Provides subject-matter expertise needed for the development and revision of existing and new IS&T security policies
Partners with other IT teams and asset owners to mitigate vulnerabilities
Stays abreast of the latest Information Security trends, threats, and vulnerabilities
Provides direct end-user support for Tier 2 and 3 incidents
Mentors and supports the development of members of the team
Designs and implements Information Security controls and audits recommendations
Leads the identification and remediation of risks, threats, and vulnerabilities
Participates in external audits and assessments by collecting and providing requested evidence
Actively participates in ongoing Risk Management efforts
Represents Information Security at meetings, committees, and task forces
Thinks outside the box and assists in creating multiple risk and compliance remediation options
Responsible for the development, promotion, and maintenance of Information Security owned applications, such as a password vault, phishing simulator, authentication systems, 3rd-party risk management tools, etc.
Leads and participates in IT projects as they relate to Information Security
Maintains the Information Security Controls Catalog
Leads / Facilitates 3rd party risk management assessments and ongoing vendor monitoring
Participates in the Cyber Emergency Response Team
Provides regular and off-hour on-call support as scheduled
Other duties as assigned