Information Security Auditor
“To modernize medicine it takes more than just a great product – it takes a great team.”
At Modernizing Medicine, we look for passionate, innovative, creative Rock Stars!
- Inc. 2016 List of 5000 Fastest-growing Private Companies in America
- Florida Fast 100 – 2016 List of Florida’s fastest-growing companies
- Deloitte’s 2015 Technology Fast 500™
- Modern Healthcare’s Best Places to Work in Healthcare – 2015
- SFBJ 2015 #1 Best Place to Work
Modernizing Medicine is looking for an experienced Information Security Auditor who will be responsible for keeping our software in compliance with the company’s security policies and procedures. The Information Security Auditor will work closely with the company’s Compliance Officer and Security Officer.
- Collaborate with the compliance officer to ensure that policies and procedures are being maintained and enforced, including annual policy reviews.
- Collaborate with assistant security officers to ensure that all software engineering and hosting activities conform to the company’s published security and privacy policies.
- Oversee scheduled audits and reviews of all custom applications within the company.
- Maintain an inventory of custom software with an index to all known compliance artifacts.
- Ensure all source code is kept in secured repositories and all changes to source code are documented using change and problem management tools.
- Ensure all deployments and configuration changes are documented and governed by a change and problem management process.
- Ensure all third-party components are maintained and routinely evaluated against published lists of new and known vulnerabilities.
- Ensure that new applications and PHI exposures are captured, cataloged and maintained.
- Ensure that all applications and operations teams create, maintain and practice Emergency Mode Operations Plans in accordance with the Incident Command System.
- Oversee in-house white-box testing of all applications at least once annually, providing hands-on instruction and training to assistant security officers where needed.
- Ensure that all networks and hosted environments undergo third-party black-box testing at least once annually.
- Ensure that software engineering teams are receiving ongoing education on secure programming.
Skills & Requirements
Your Background & Experience:
- 5 years' experience in the IT security field
- 3 years' experience as an information systems security auditor or similar
- 3 years' experience leading a geographically distributed, matrixed team
- Excellent communication skills
- Ability to effectively translate policies into technical requirements and back again
- Ability to effectively index large volumes of information for multiple constituencies
- Familiarity with vulnerability testing tools and protocols (e.g. OWASP ZAP, Nmap, Metasploit…)
- Familiarity with vulnerability tracking organizations and standards (e.g. CERT)
- Experience with OWASP Application Security Verification Standard preferred