Information Security Engineer

Overview

As an Information Security Engineer, you play a critical role designing and implementing security mechanisms to protect Vytalize data and information systems.

Key responsibilities include assessing risks, designing information system security architecture, performing regular control assessments to identify deficiencies, coordinating security risk assessments across the ecosystem, auditing and supporting program certifications, conducting third‑party risk assessments, and managing security events.

Responsibilities

Incident Response

• Assist in testing incident response plans to mitigate security breaches or compliance violations.

• Test business continuity and disaster recovery plans to sustain operations and restore systems after cyber incidents.

• Respond to and resolve information security events and escalations.

Security Architecture Design

• Evaluate and select security technologies, tools, and solutions for effectiveness.

• Design cloud security strategies and implement controls to safeguard data, applications, and infrastructure hosted in the cloud.

• Collaborate with the security team to design architecture protecting the entire IT infrastructure, aligning with business objectives and compliance requirements.

Risk Assessment and Audits

• Maintain and monitor the cybersecurity risk register, including risk ratings, mitigation strategies, and action plans.

• Coordinate data gathering for audits and risk assessments across teams.

Training & Awareness

• Monitor training campaigns, evaluate effectiveness, and improve phishing detection and response capabilities.

Supplier Risk

• Conduct vendor risk assessments to identify and document potential supplier cybersecurity risks, threats, and vulnerabilities.

• Develop a process for tracking third‑party compliance requests and ensuring timely completion.

Compliance Oversight

• Collaborate with internal and external audit teams, providing documentation and evidence of compliance.

• Maintain a continuous assessment process for the cybersecurity framework to ensure controls operate effectively.

Vulnerability Management

• Monitor remediation of vulnerability assessment findings, including penetration test results.

Cross‑Functional Collaboration

• Communicate security risks, issues, and recommendations to senior management and stakeholders.

Qualifications

• Work experience in the healthcare information security field.

• Prior Health Information Technology (HIT) experience implementing controls to meet federal security and privacy regulations.

• 3+ years of relevant IT security experience in a complex enterprise environment.

• Demonstrated knowledge of IT processes, risks, infrastructure, and information security.

• Experience with incident response and vulnerability management.

• Knowledge of HIPAA, HITECH, and PCI DSS.

• Experience with information security assessments and audits.

• Strong written and verbal communication skills.

• Effective collaboration with stakeholders across departments and affiliated organizations.

• Ability to analyze information system security design and recommend configuration.

• Detail‑oriented.

• Preferred expertise in security assessment methodologies.

• Ability to work effectively in a complex enterprise environment.

Benefits

• Competitive base compensation.

• Annual bonus potential.

• Health benefits effective on start date; 100% coverage for base plan, up to 90% coverage on other plans for individuals and families.

• Health & Wellness Program; up to $300 per quarter for overall well‑being available on start date.

• 401(k) plan effective on the first of the month after start date; 100% of up to 4% of annual salary.

• Unlimited (or generous) paid “Vytal Time”, and 5 paid sick days after first 90 days.

• Company‑paid STD/LTD.

• Technology setup.

• Opportunity to help build a market leader in value‑based healthcare at a rapidly growing organization.

Please note at no time during our screening, interview, or selection process do we ask for additional personal information beyond your resume or account/financial information. We will never ask you to purchase anything, nor will we interview you via text message. Any communication received from a Vytalize Health recruiter during your screening, interviewing, or selection process will come from an email ending .

#JLjbffr