Senior Information Security Engineer

Who we are:

Spire Orthopedic Partners is a growing national partnership of orthopedic practices that provides the support, capital and operational resources physicians need to grow thriving practices for the future. As a Management Services Organization (MSO), Spire provides the infrastructure for administrative operations that allows practices to operate at their highest level, so doctors can focus their efforts on what matters most - patient care. The Spire network spans the Northeast with more than 1,300 employees, 130 physicians, and 28 locations in Connecticut, New York, and Massachusetts.

What you'll do:

This is a new position that will help ensure we build and improve the breadth and scope of our Information Security Program. This is an exciting opportunity that will contribute to the ongoing protection of Spire's assets, data, users, and reputation as Spire continues to grow its business. This individual will serve as an important hands-on information security technical resource and subject matter expert. This role will also be important in helping to add structure and discipline in building an enterprise-wide Information Security program across all our practices.

Responsibilities/Duties:

• Builds and maintains security monitoring tools and services, ensuring they are effective and relevant to reflect the needs of our organization. Lead ongoing internal processes to ensure compliance with relevant regulatory requirements and mandates such as HIPAA, PCI, SOX.

• Assists in identifying, evaluating, and documenting technology and security products and solutions and provides recommendations.

• Supports IT department staff in the analysis, solution, and documentation of system and network security issues and problems.

• Maintain and update the infrastructure security architecture to address evolving threats.

• Perform security and vulnerability assessments, identify vulnerabilities across various technologies, and develop comprehensive mitigation strategies.

• Lead efforts in detecting and analyzing security-related events and escalates as needed.

• Provide guidance for the development, maintenance, communication, and enforcement of corporate information security policies, standards, and procedures.

• Perform risk assessment and risk management processes which include documenting information asset profiles, evaluating threats, identifying mitigating controls, and determining overall risk to information and technology assets.

• Lead ongoing development and implementation of the security awareness training program which may include leveraging a LMS (Learning Management Solution) or other security tools to deliver content and assess end users.

• Periodically collaborate with end-users and vendors to assess, recommend, design, and implement security solutions and technologies.

• Collaborates with other IT and business stakeholders in efforts to control, remediate and recover in the event of a security incident or breach.

Qualifications

Who you are:

• Bachelor's degree in Information Technology, Cybersecurity, or a related field preferred.

• Experience required: 7 years plus working as an information security and technology professional with experience in the following areas: security architecture, identity and access management, threat and vulnerability management, data protection, security incident response.

• Expertise with physical and cloud security infrastructure, services, and protocols required.

• Proven ability to work independently and as a self-starter a plus.

• Experience with Microsoft technologies and services highly preferred.

• Professional certification in Information Security (e.g., CISSP) and/or Microsoft technologies (e.g., Microsoft Certified: Security, Compliance, Identity, etc.) a plus.

• Excellent analytical, problem-solving, and decision-making skills.

• Strong communication (written and oral) and interpersonal abilities.

• Advanced knowledge of general information security standards such as HITRUST, NIST CSF, ISO 27000, NIST SP 800 series a plus.

• Understanding and experience with security and privacy-related regulatory and industry frameworks such as HIPAA, PCI, and SOX preferred.

What we offer:

• Excellent growth and advancement opportunities

• Dynamic environment

• Access to a diverse network of practitioners

• Broad infrastructure of tools and programs to enhance the employee experience

• Competitive Compensation

• Generous PTO

• Benefits package: health, dental, vision, 401(k), etc.

We are an equal-opportunity employer. Qualified Applicants are considered for positions and are evaluated without regard to actual or perceived race, color, creed, religion, national origin, ancestry, citizenship status, age, sex, or gender (including pregnancy, childbirth, and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, or any other characteristic protected by applicable federal, state, or local laws and ordinances (referred to as "protected characteristics").

IND2