Location: Remote or Boston, MA or Pittsburgh, PA
Employment Type: Full-time
Based on the evolving situation with Covid–19 we are mostly remote, this
includes the hiring process. We are in the process of moving to a hybrid of
onsite and remote with some positions remaining 100% remote.
Why This Role Is Important to Arcadia
This hand-on team manager will be responsible for maintaining the security of
Arcadia’s IT systems by ensuring that all security controls are implemented
and operate effectively. They will monitor the control of potential issues,
analyze systems and networks for security threats, manage and respond to
security issues and incidents, and ensure that day-to-day computer security
and compliance related tasks are completed. As a manager this person will have
responsibility for a team of Information Security resources responsible for
all tasks associated with Arcadia’s Information Security Program.
What Success Looks Like
In 3 Months
· Overseeing all day-to-day aspects of Arcadia’s Information Security
· Creating and delivering clear and concise reports to reflect the
current state of all aspects of the InfoSec Program
· Management of the Information Security team
In 6 Months
· Owning all tasks associated with the Information Security Manager Role
In 12 Months
· Demonstrating strict oversight of Arcadia’s Information Security
What You'll Be Doing
- Managing a team of Security Analysts responsible for overseeing the operations and day-to-day tasks of Arcadia’s Information Security Program.
- Monitoring computer systems to ensure compliance with standards and regulations including HIPAA/HITECH, HITRUST, ISO 27001, SOC 2 and federal and state information security laws.
- Providing technical and forensic support during investigations into any suspected security or privacy incidents in accordance with company security and privacy incident handling, reporting, and management procedures.
- Performing, reviewing, evaluating, assessing, documenting, and communicating the results of regular IT vulnerability and configuration scans.
- Interfacing with external partners, including Managed Detection and Response vendors, as first contact for identified computer security alerts and issues.
- Performing risk assessments on identified system vulnerabilities and tracking and reporting on the results of the security assessments.
- Managing vulnerability tickets to ensure the timely closure of identified security issues.
- Creating clear and concise weekly Vulnerability Management Reports for Executives.
- Performing and overseeing monthly HITRUST Information Security Management tasks.
- Participating in all Certification and Customer audits and coordinating the implementation of Third-Party Risk Assessments and Penetration Tests.
- Supporting computer security initiatives and global policy adherence and awareness efforts in the areas of technical and data responsibility.
- Ensuring that new client engagements, in the areas of technical and data responsibility, adhere to the required information security controls and policies.
- Enforcing security policy adherence and coordinating formal policy exception requests.
- Maintaining Incident and Exceptions Logs and providing timely updates on security assessments and assigned projects.
- Designing and implementing annual testing and training on Security Incident Response and Business Continuity and Disaster Recovery.
- Completing security assessments and annual audits for customers and prospective customers as well as providing artifacts (snapshots, etc.) to support annual customer and certification audits.
- Performing and maintaining initial and annual external and third-party vendor risk assessments.
- Producing monthly Security Metrics reports for the Information Security Officer (ISO), VP Information Security & Compliance and any other prescribed stakeholders or security steering committees.
- Responding to requests for consultation or other inquiries from staff and providing security advice as required.
- Supporting any requests for information by any external authoritative agencies as required, including assessors, auditors, and investigators.
- Building relationships and partnering with business units throughout the company.
- Supporting the Operations, Engineering, Production Support, and Technical Implementation teams by providing the necessary security expertise required to ensure that applications and infrastructure are implemented in accordance with company objectives for risk acceptance.
What You'll Bring
- A Bachelor’s degree in Information Technology/Security or a related field from an accredited institution.
- Minimum 4 years of experience in Information Security field.
- Strong knowledge of security standards and frameworks including ISO 27001: 2013/27002, NIST 800-53, NIST CSF, SOC2 Type1 and 2 and HITRUST;
- Strong knowledge in enterprise cybersecurity domains, including network architecture, operating system security, encryption and key management, anti-malware, identity and access management, vulnerability management, and security monitoring
- Demonstrated experience in cloud security or architecture, implementing best practices security in an AWS environment.
- Experience and understanding of vulnerability analysis, writing remediation guidance, driving large scale critical vulnerability remediation work
- Experience in patching, image release process and security scanners
- Good understanding of threat modeling, operational threat intelligence, and common attack vectors.
- Understanding of system and network hardening practices on AWS.
- Experience working cross-functionally to deliver security capabilities in matrixed and complex large-scale enterprise environments.
- Previous experience managing a team that delivers secure, operational capabilities for distributed and highly available systems.
- Expertise in understanding with working familiarity in a broad range of security tools/applications, including but not limited to MDR, PAM, SOC, 2FA, NGFW, DLP, AWS security/logging tools/mechanisms, email gateway, Office365, EDR/endpoint protection, MDM, access control/network segmentation, SSO, IAM, vulnerability scanning, and data classification tools
Would Love for You to Have
- AWS Cloud and Security Certifications
What You Get
- The opportunity to manage a strong and mature Information Security Program that is responsible for protecting Arcadias most valuable asset – our customers data.
- An opportunity to be a part of maintaining industry recognized certification programs including HITRUST, ISO 217001, and SOC 2 including experience in certification audit completion.
- The ability to build and lead a growing and diverse team of security professionals.
- Be a part of a mission driven company that is transforming the healthcare industry by changing the way patients receive care
- A flexible, remote friendly company with personality and heart
- Employee driven programs and initiatives for personal and professional development
- Be a member of the Arcadian and Barkadian Community
Arcadia.io helps innovative healthcare systems and
health plans around the country transform healthcare to reduce cost while
improving patient health. We do this by aggregating massive amounts of
clinical and claims data, applying algorithms to identify opportunities to
provide better patient care, and making those opportunities actionable by
physicians at the point of care in near-real time. We are passionate about
helping our customers drive meaningful outcomes. We are growing fast and have
emerged as the market leader in the highly competitive population health
management software and value-based care services markets, and we have been
recognized by industry analysts KLAS, IDC, Forrester and Chilmark for our
leadership. For a better sense of our brand and products, please explore our
website, our online
resources, and our interactive Data
This position is responsible for following all Security policies and
procedures in order to protect all PHI under Arcadia's custodianship as well
as Arcadia Intellectual Properties. For any security-specific roles, the
responsibilities would be further defined by the hiring manager.