About Vidant Health
Vidant Health, located in eastern North Carolina, is a comprehensive health system that is made up of 9 hospitals that serve 1.4 million people in 29 counties. Vidant Health includes Vidant Medical Center, community hospitals, physician practices and partners that collaborate with Vidant Health to enhance the quality of life of our patients.
Information Services at Vidant Health
Vidant Health offers comprehensive Information Technology (IT) services and infrastructure to support and enable all aspects of organizational operations. Our IT division consists of a state-of-the-art data center located in Greenville, NC. The data center services all information technology needs of Vidant Health facilities. Vidant Health has been recognized as one of the 100 Most Wired healthcare organizations by Hospitals and Health Networks magazine. All Vidant Health owned or leased hospitals are on a common IT platform, including our electronic health record (EHR) that uses Epic's suite of applications. Vidant Health has achieved Meaningful Use Stage 1 recognition and is also approaching Stage 7 for HIMSS Analytics’ Electronic Medical Records Adoption Model (EMRAM) recognition.
The Principal Information Security Engineer position requires an information security professional who is result oriented, multi-disciplined, and comfortable in implementing system security solutions in multi-vendor environments. This position is accountable for the research, technical analysis, recommendation, configuration, administration and management of systems and procedures to ensure the protection of information processed, stored, or transmitted in Vidant Health's computing environments. This position leads the security design, consultation, and technology security governance oversight for various projects and initiatives. The incumbent also undertakes complex projects requiring additional specialized technical knowledge. This position acts as information security liaison to various business units as well as internal information systems departments and provides direction, training, and guidance for less experienced staff. The position will also provide subject matter expertise in the discovery of vulnerabilities and the development of technical
strategies to ensure the security, integrity and availability of equipment and systems.
Bachelor's degree in Computer Science, Information Systems, Engineering or related major.
Minimum ten (10) years experience in a mission-critical production environment required.
Ability to develop specific proactive procedures and guidelines for the prevention and detection of security breaches, identifying security risks and engineering and guiding the implementation of solutions. Must be able to translate frameworks, such as ISO27001/2, HiTrust CFS, etc., into actions and implementation plans, and work with other team leaders to drive required standards and changes.
Demonstrated experience in operating system, application, and network penetration testing and vulnerability assessment. Should have experience in liaising with system and network administrators to help remediate the impact of the identified risks and vulnerabilities at the platform level. Demonstrated knowledge of security controls for network, application and operating systems. Strong knowledge and work experience with logical access controls to ensure confidentiality, integrity and assurance of proprietary information. Knowledge and understanding of business processes and information systems of a healthcare institution. Demonstrated experience in working with senior management on highly sensitive projects that require utmost discretion, and maintaining strict confidentiality on all data, records, and tasks as required. Demonstrated interpersonal skills, including conflict resolution. Experience with resource allocation, coaching, and mentoring. Strong ability to work effectively in a team environment as a team leader. Proven ability to partner with staff and managers in Information Services as well as business partners. Experience with committee and consensus driven organizations. Capacity to work independently and willingness to seek advice/assistance. Experience in leading or working with a mature information security auditing program preferred. Must have demonstrable knowledge of complex system architecture, including multi-data center server and storage virtualization. Must have subject matter expertise in securing systems as all layers of the OSI model.
License or Certification: Certified as CISSP, GIAC, CISM, or security equivalent.
It is the goal of Vidant Health and its entities to employ the most qualified individual who best matches the requirements for the vacant position.
Offers of employment are subject to successful completion of all pre-employment screenings, which may include an occupational health screening, criminal record check, education, reference, and licensure verification.
We value diversity and are proud to be an equal opportunity employer. Decisions of employment are made based on business needs, job requirements and applicant’s qualifications without regard to race, color, religion, gender, national origin, disability status, protected veteran status, genetic information and testing, family and medical leave, sexual orientation, gender identity or expression or any other status protected by law. We prohibit retaliation against individuals who bring forth any complaint, orally or in writing, to the employer, or against any individuals who assist or participate in the investigation of any complaint.