Overview

PURPOSE STATEMENT:

The Sr. Security Engineer - Detection and Response position is instrumental in the safeguarding and preservation of Acadia's crucial IT infrastructure and sensitive patient data. This role is entirely committed to upholding the most stringent cybersecurity standards within a healthcare environment, ensuring full compliance with industry regulations, and promptly addressing security incidents. Through the adept utilization of state-of-the-art security technologies, automation, and strong partnerships with third-party MSSPs, the Healthcare Security Engineer assumes a pivotal role in the delivery of superior patient care, the nurturing of patient trust, and the unwavering preservation of integrity and confidentiality within our healthcare systems.

ESSENTIAL FUNCTIONS:

OTHER FUNCTIONS:

• Performs other tasks as assigned.

STANDARD EXPECTATIONS:

• Complies with organizational policies, procedures, performance improvement initiatives and maintains organizational and industry policies regarding confidentiality.
• Communicate clearly and effectively to person(s) receiving services and their family members, guests and other members of the health care team.
• Develops constructive and cooperative working relationships with others and maintains them over time.
• Encourages and builds mutual trust, respect and cooperation among team members.

EDUCATION/EXPERIENCE/SKILL REQUIREMENTS:

• Education: A bachelor’s degree or equivalent work experience.
• Experience: Minimum of 5 years of cybersecurity experience, with a preference for at least 4 years in detection and response.
• Expertise: Strong knowledge of cybersecurity principles, technologies, and best practices. Proven experience in healthcare security and knowledge of industry regulations, such as HIPAA and HITECH.
• Communication: Excellent communication and collaboration skills to work with diverse teams and vendors.
• Compliance: Knowledge and understanding of relevant legal and regulatory requirements, such as: Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard (PCI).
• Frameworks: Proficiency in common information security management frameworks, such as ITIL, Center for Internet Security (CIS) Critical Security Controls (CSC), and NIST, including 800-53 and MITRE ATT&CK Framework.
• Problem-Solving: Strong problem-solving and analytical abilities.
• Technology Proficiency: Candidates must be capable of effectively evaluating and implementing technical alternatives, staying up to date with emerging technologies, risk assessment methodologies, and incident response.
• Self-Motivation: Self-motivated with strong organizational skills and exceptional attention to detail.
• Multitasking: Ability to manage multiple tasks/projects simultaneously within strict time frames and adapt to frequent priority changes.
• Adherence: Capability to work within established policies, procedures, and practices set by the organization.

• Language Skills: Proficient in English to provide and receive instructions and directions effectively.

LICENSES/DESIGNATIONS/CERTIFICATIONS:

• Certifications: Desired by not required: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), CompTIA Security or Network , GIAC Certified Incident Handler Certification (GCIH), GIAC Certified Intrusion Analyst Certification (GCIA), Certified Cloud Security Professional (CCSP), Certified Intrusion Analyst (GCIA), Certified Information Security Incident Handler (CIHI), Certified Incident Handler (EC-Council ECIH), Certified Ethical Hacker (CEH), or other similar credentials. 

SUPERVISORY REQUIREMENTS:

This position is an Individual Contributor

AHCORP