The Senior Security Engineer, Risk & Controls focuses on compliance-related risk, research, policy, and process or technology control improvement projects in support of the Inspira Security Team and its stakeholders. This position helps reduce risk by proactively ensuring that the company is following current compliance and other standards-based requirements and is additionally prepared for emerging requirements. The Senior Security Engineer, Risk & Controls will fulfill these duties by collaborating with internal and external audit teams, IT management, corporate accountants, consultants, and other stakeholders to ensure project deliverables are met. Strong knowledge of governance frameworks, security best practices, and IT General Controls is essential for this position.
Essential Job Duties and Responsibilities:
- Perform technical internal audits and develop testing methodologies of company controls, including but not limited to data center, critical application, and user account access
- Draft new workflows, including impact statements on how revised processes shall be incorporated into daily tasks
- Complete Security Questionnaires and maintain knowledge base with common client-facing responses
- Assist with Third Party Risk Management assessments and improve overall processes and outputs
- Prioritize deliverables from due diligence and audit findings
- Centralize and maintain evidence of security controls required for audits, including but not limited to HIPAA, PCI, and SOC 2
- Manage critical vendor security and risk assessments, including initiation and results evaluation
- Employ a cross-disciplinary approach that spans risk, policy, and technology
- Research best practices around security controls and determine the best options to meet multiple security compliance initiatives
- Identify operations and business functions that may require control improvements
- Identify and develop training related to controls governance or technical implementation of controls
- Understand administrative, technical, and operational controls related to compliance with security standards and best practices
- Understand information risk management concepts and their application, and perform internal risk assessments
- Understand and follow information security best practices, company policies, and information security standards that impact this role, including use of any tools, technologies, services, and processes
- Participate in the evaluation and selection process for enterprise solutions to achieve compliance, including the development of technical requirements and application assessments
- Act as the technical liaison to company-wide functional areas to ensure adherence to compliance regulations and company standards
- Revise security policies and other documentation as determined by business needs and evolving security program requirements
- Resolve and complete service requests and assist in the resolution of due diligence, audit, or other compliance-related incidents as assigned
Accountabilities:
- Contribute to the overall success of the company by performing all assigned duties in a professional, timely, and accurate manner in accordance with established company procedures.
- Follow Inspira's Guiding Principles.
- Follow Inspira's standard operating procedures for your department.
- Act as a team player and work cooperatively with team members.
- Ensure compliance with regulations and company policies regarding security of Protected Health Information (PHI) and Personally Identifiable Information (PII).
- Demonstrate the integrity and discretion necessary to safeguard confidential data handled or obtained in the normal performance of job duties at all times.