Job Summary
Develops and implements enterprise information security strategies, technical architectures, and solutions. Develops, maintains, and mitigates the list of threats collected from various security tools. Recommends continual improvement of security management tools, controls, policies, procedures, and operations. Plans, designs, develops, implements, and enforces audit of the security policies and procedures that safeguard the integrity of, and access to, enterprise systems, files, and data elements. Researches and advocates new technologies, architectures, and security products to support security requirements for the enterprise and its customers, business partners and vendors. Provides direct operational support of the business and Digital Services (DS) staff for security-related matters. Represents the security needs of the organization by providing expertise and consulting assistance for all DS projects and managed systems. Demonstrates security expertise and consults in product selection, procedure development, application development, database design, network and/or platform (operating system) efforts. Coordinates and delivers security assessments and reviews of internally and externally hosted application and infrastructure systems, to ensure security compliance. Develops and maintains security awareness programs and educates DS and business staff regarding security policies and procedures. Consults with other technical staff to ensure that adequate security solutions are in place throughout all DS systems and platforms to mitigate any identified risks sufficiently to meet business objectives and regulatory requirements. Develops and maintains security risk analysis scenarios and response procedures, based upon emerging security threats. Contributes to management/executive level risk assessment reporting and security briefings to advise of critical issues that may affect customer or corporate security objectives.
Staff members in this position are effective and self-sufficient in working within a diverse technology portfolio, and regularly provide guidance and training to less experienced Security Engineers.
Essential Functions
- Researches, advocates, develops, and implements enterprise systems security strategies, technical architectures, products, and solutions, in support of the Corewell Health organization, its customers, business partners and vendors.
- Develops, maintains, and mitigates the list of threats collected from various security tools. Produces independent research of current security attack trends and techniques. Maintains knowledge of changing technologies, industry regulations and best practices, and provides recommendations for adaptation of new technologies or policies. Equipped with this research and knowledge, recognizes and identifies potential areas where new data security policies and procedures are required and/or existing guidelines need change.
- Coordinates security reviews and/or assessments of internally or externally hosted applications and infrastructure systems, to ensure security compliance. Plans, designs, develops, implements, and enforces audits used to determine if the current security policies and procedures are appropriate for the protection of enterprise systems, files, and data elements, including system security profiles, security incidents, violations and exceptions.
- Develops and maintains security risk analysis scenarios and response procedures, based upon emerging security threats. This includes communicating to business partners and DS staff any potential security vulnerabilities, the business impact of these risks and recommended solutions.
- Provides security expertise to the organization, consulting for all DS projects and managed systems, by helping project, development and operational support teams comply with enterprise and DS security policies, industry regulations and best practices in product selection, procedure development, application development, database design, network and/or platform (operating system) efforts. Recommends and supports the continual evolution of enterprise security management tools, controls, operations, policies, and procedures. Also provides direct operational support of Corewell Health staff for security-related issues or concerns.
- Collaborates with Architects, Security Analysts, and others within DS to ensure that the appropriate measures are in place for all systems and platforms to mitigate risks sufficiently to meet the business objectives and regulatory requirements.
- Contributes to risk assessments and briefings for senior leadership, alerting them of any critical security-related issues that could potentially affect customer and/or corporate security objectives.
- Develops and delivers security awareness programs, and acts as educator of organizational staff for security policies and procedures. Provides mentorship to less senior team members and is accountable as a role model for customer service excellence.
How Corewell Health cares for you
- Comprehensive benefits package to meet your financial, health, and work/life balance goals.
- On-demand pay program powered by Payactiv.
- Discounts directory with deals on the things that matter to you, like restaurants, phone plans, spas, and more!
- Optional identity theft protection, home and auto insurance, pet insurance.
- Traditional and Roth retirement options with service contribution and match savings.
Qualifications
Required
- Bachelor's Degree or equivalent
- 5 years of relevant experience in the field
Preferred
- Master's Degree or equivalent
- 7 years of relevant experience in the field
- Full-time experience and demonstrated maturity in security engineering, including experience with network intrusion detection systems, packet capture techniques and analysis of raw packet captures
- Extensive experience with or knowledge of network topology/infrastructure, client/server, databases, Web security, multiple operating systems (Windows, *nix, mainframe, IOS/mobile, embedded), web operations, encryption, authentication, vulnerability scanning, virus/malware management, data loss/leakage prevention, logging/security information management, firewall and intrusion detection systems
- Experience with security information management systems and common system log formats, including syslog and Event Log, as well as vulnerability assessment systems to test enterprise networks and applications
- Experience leading security incident response procedures
- Strong experience with the theory and practice of information risk analysis and risk management
- CRT - GIAC Security Essentials Certification (GSEC)
- CRT - GIAC Certified Incident Handler (GCIH)
- One of the below certifications:
  - CRT - CISCO Certification - CISCO Commercial & Industrial Security Corporation
  - CRT - Microsoft Certified Solutions Expert (MCSE)
  - CRT - Information Systems Security Professional, Certified (CISSP) - ISACA Information Systems Audit and Control Association
  - CRT - Information Systems Auditor, Certified (CISA) - ISACA Information Systems Audit and Control Association
  - CRT - Risk and Information Systems Control, Certified (CRISC)
About Corewell Health
As a team member at Corewell Health, you will play an essential role in delivering personalized health care to our patients, members and our communities. We are committed to cultivating and investing in YOU. Our top-notch teams are comprised of collaborators, leaders and innovators that continue to build on one shared mission statement - to improve health, instill humanity and inspire hope. Join a nationally recognized health system with an ambitious vision of continued advancement and excellence.
Primary Location
SITE - Corewell Health Place - 100 Corewell Drive NW - Grand Rapids
Department Name
Defense and Orchestration
Employment Type
Full time
Shift
Day (United States of America)
Weekly Scheduled Hours
40
Hours of Work
8:00 a.m. to 5:00 p.m.
Days Worked
Monday to Friday
Weekend Frequency
Variable weekends
CURRENT COREWELL HEALTH TEAM MEMBERS – Please apply through Find Jobs from your Workday team member account. This career site is for Non-Corewell Health team members only.
Corewell Health is committed to providing a safe environment for our team members, patients, visitors, and community. We require a drug-free workplace and require team members to comply with the MMR, Varicella, Tdap, and Influenza vaccine requirement if in an on-site or hybrid workplace category. We are committed to supporting prospective team members who require reasonable accommodations to participate in the job application process, to perform the essential functions of a job, or to enjoy equal benefits and privileges of employment due to a disability, pregnancy, or sincerely held religious belief.
Corewell Health grants equal employment opportunity to all qualified persons without regard to race, color, national origin, sex, disability, age, religion, genetic information, marital status, height, weight, gender, pregnancy, sexual orientation, gender identity or expression, veteran status, or any other legally protected category.
An interconnected, collaborative culture where all are encouraged to bring their whole selves to work, is vital to the health of our organization. As a health system, we advocate for equity as we care for our patients, our communities, and each other. From workshops that develop cultural intelligence, to our inclusion resource groups for people to find community and empowerment at work, we are dedicated to ongoing resources that advance our values of diversity, equity, and inclusion in all that we do. We invite those that share in our commitment to join our team.
You may request assistance in completing the application process by calling 616.486.7447.