Develop a strong understanding of LHC business, information technology and system processes.
Examine internal cyber security controls, evaluate the design and operational effectiveness, determine exposure to risk and develop remediation strategies.
Plan, implement, monitor, and upgrade security measures for the protection of the organization’s assets to maintain confidentiality, integrity, and availability.
Participate in the LHC’s change management process.
Conduct integrated information technology audits, including but not limited to pre/post-implementation phases, privacy, data governance, and cybersecurity reviews using accepted audit and risk assessment frameworks adopted to the LHC environment.
Test and identify vulnerabilities, and create countermeasure and mitigation recommendations’/strategies to protect LHC assets.
Conduct efficient and effective audit procedures.
Communicate complex technical issues in a simplified manner to relevant staff and management.
Plan, execute, and document the audit plans. Generate final report showing compliance with LHC cyber security controls. Assure that audit issues and associated root causes are understood, well defined and presented in understandable manner.
Perform regular audit control testing and provide recommendations.
Review, evaluate, and test information technology application controls.
Build automation to simplify the audit control verification and assessment.
Provide recommendations and guidance on identified security and control risk.
Provide weekly status and metric reporting on work performed and audit control verification.
Contributes to drive efficiencies and enhancement opportunities to existing auditing processes and techniques, using data analytics, automation, and other process improvement techniques and ideas.
Contributes to budgeting and fiscal management processes.
Other duties as assigned.
3+ years’ experience as a cyber-security auditor; health care experience preferred.
Bachelor’s Degree in Information Technology/Computer Science or related degree
Working knowledge of NIST CSF, 800-53, ISO 2700X, SOC2 security frameworks
Experience with Active Directory, IIS, Windows servers, SQL Server, Firewalls, Routers, WAPs, End Point Security, Virtualization Technologies, VPN, Asset Management, Patch Management, Vulnerability Scanners, Kali Linux, . . .
Working knowledge of .Net and/or Powershell
Ability to work in a fast paced environment
Strong attention to detail with an analytical mind and outstanding problem solving skills.
Great awareness of cyber security trends and hacking techniques
Certified Information Security Auditor (CISA) certification