At Qure4u, we're on the path to becoming the world leader in developing digital solutions that empower rewarding and meaningful patient-provider experiences.
We're relentless in our pursuit to reinvent what's possible. The healthcare landscape is constantly evolving, but our foundation for success stays the same. We hire good people who want to be part of a team that makes extraordinary things happen. Our employees have a direct, positive impact on millions of healthcare providers and patients every day.In a nutshell ...
The Information Security Analyst is responsible for the internal and external security of the organization's information systems. We are an energetic, collaborative group! We are seeking a candidate who is willing to work a hybrid schedule, spending 2-3 days per week working within our beautiful Bradenton, FL office.
To be successful in this role, you will:
What you will be doing ...
- Detail oriented and focused to address the most minute of information contained within the tools available to you at Qure4u Inc. You must be organized and have a strong work ethic.
- Work side by side the System Engineering/DevOps team, as well as a top tier MSP/MSSP team, and Security Compliance partners. In this role you will help to remediate and inherit controls around compliance objectives and document accordingly. You must have a teaming approach to be successful in this role.
- Documentation and writing skills will be a key part of this role. Recording and capturing audit information, remediations, and steps taken to achieve security objectives and achieve and maintain compliance.
- In addition you will be expected to gather information across the organization that support furthering the security and compliance objectives, and organize them accordingly for presentation and approval to auditors.
- A strong understanding of the Qure4u Inc. external facing applications, infrastructure, and system(s) as a whole; to ensure the highest level of security and compliance around how the system is designed and meant to work.
- Constant learning beyond current skillset by evolving and developing new skills to combat new and emerging threats, as well as staying current on latest compliance objectives.
- Proactive and self-starter, be willing to dive in to correct current issues relating to security as well as anticipating and being proactive against future issues.
- Reactive when needed to combat the latest threats and keep Qure4u systems running at the highest levels of security and compliance required.
- Risk management skills needed to reduce or prevent attacks, and risk to compliance objectives.
- Reporting to the Vice President of Engineering, your collaboration at the executive level is an important factor in successfully executing in this role and delivering the objectives of the organization.
Experience and skills you will bring ...
- Development, modification, and operation of security protocols including intrusion detection and prevention systems to protect the organization's information from breach or loss.
- Conducts periodic audits and due diligence checks of security protocols, evaluating systems for vulnerabilities.
- Use technology to automate compliance activities like gathering evidence and verifying controls
- Responds to risk assessments in response to the RFP process for prospective customers.
- Recommends modifications to security protocols as required.
- Develops and/or provides training and guidance on acceptable use, risk management, incident response, and security protocols to employees.
- Periodically briefs senior management on status of security system and protocols.
- Reviews reports of, and evaluates response to any security incidents.
- Ensures that monitoring operations comply with all applicable government regulations and standards, to include HIPAA standards, and other standards as required.
- Maintains current knowledge of emerging security threats, technical challenges, and developments in system protection and IT security standards.
- Creates and manages all policies and procedures required for the successful attainment of certifications, such as SOC 2, PCI DSS, HIPAA, HITRUST and others.
- Intrusion prevention skills, following and anticipating trends and attacks before they happen.
- Other duties as assigned.
- A bachelor's degree in a Computer Science, Information Security, Systems Engineering and Security, or Computer Information Systems, and/or equivalent work experience equal to 8 years in lieu of degree.
- 3-5 years' experience in information technology, with at least three years specializing in computer security.
- 1-3 years' experience working within the healthcare industry. SaaS experience a big plus in this role.
- Previous experience achieving Hi-Trust certification within a prior organization required
- In-depth knowledge of HIPAA and other healthcare related compliance requirements
- Experience working with cloud-based, Apple and Android based platforms
- Certifications desired: CCSP, PCI QSA, CISSP, or CISA certifications
- Skilled at working effectively with cross functional teams in a matrix organization
- Exemplary planning and time management skills
- Ability to multi-task and prioritize daily workload
- High level verbal and written communication skills
- Discretion and confidentiality
- Ability to function well in a high-paced and at times stressful environment