Full-time
Manager Security Operations and Vulnerability Management - Zelis - Bedminster, NJ

Position Overview: This position is responsible for managing, maintaining and executing the Information Security operations and vulnerability management programs. In this hands-on role, he\she will manage day-to-day security operations tasks such as log reviews, intrusion alert reviews, vulnerability scans, security projects (HiTrust) and stay up-to-date on the latest intelligence, including hackers’ methodologies, to mitigate security incidents. In addition, he/she will work with stakeholders to remediate identified vulnerabilities within timelines developed based on industry best practice and regulatory guidelines. He\She will also assist with building and reporting metrics regarding the program effectiveness.This role will serve as a subject matter expert who provides specific strategies to protect computer systems, networks and data. Included will be gaining a thorough knowledge of the Zelis technology stack and operations to provide information and recommendations for improved security. Will also be responsible for conducting risk assessments and make recommendations to ensure organization security controls meet regulatory controls as well as industry best practice guidelines.This role will also ensure RFP submissions are complete and accurate and will perform the necessary reviews for information security assessments and aid in the tracking and monitoring of the metrics of the overall program. Providing support in this capacity will ensure Information Security enables the Zelis Healthcare Sales and Account Management teams to retain, attract, and procure clients and customers across all Zelis Healthcare business lines.Key Responsibilities: · Respond to intrusion detection / intrusion prevention alerts from outsourced Security Operations Center (SOC)· Conduct proper review and follow-up for potential threats based on log monitoring results from outsourced security service· Perform Information Security risk assessments and execute tests of data processing systems to ensure functioning of security measures; examples: HIPAA/HiTrust compliance assessment, Role Based Access audit· Gather and research risk control deficiencies and work with Enterprise Risk Management and other members of Information Security to accurately record in a risk register and assign prioritization· Coordinate and participate in Information Security penetration tests· Coordinate and manage Data Loss Prevention (DLP) technology services· Manage internal information security scanning tools such as Qualys and perform regular assessments· Track vulnerability remediations at the product and patch level. Review vulnerability scans and plan with IT on patching or remediation for all technical platforms.· Coordinate remediation efforts associated with the results of penetration tests and vulnerability assessments· Collaborate and provide oversight with Information Technology to insure security standards are incorporated into the application development lifecycle and engineering implementations· Review and revise Security Incident Response plans as needed· Evaluate and implement security solutions· Work with Legal, Client and IT to agree on contractual commitments for security and remediate gaps in meeting client security requirements· Support audit requests· Assist with annual review of Information Security policies, standards and procedures· Other related duties as assigned· Corporate Compliance Responsibility - As an essential function, responsible for complying with Zelis’ Corporate Compliance Program, Standards of Business Conduct, applicable contracts, laws, rules and regulations, policies, and procedures as it applies to individual job duties, the department and the Company. This position must exercise due diligence to prevent, detect, and report unlawful and/or unethical conduct by fellow co-workers, professional affiliates and/or agents.Qualifications and Education: Required:- Bachelor’s degree in Cyber Security (or) related degree and experience- Hands-on security professional- Healthcare and Healthcare claims experience- Five (5) + years’ experience in Information Security and Vulnerability Management- Strong understanding of technology including the Microsoft suite of products and the Cisco and Palo Alto network products- Developing and managing penetration testing and vulnerability scan programs and associated tools experience- preferred- Contract review experience- Developing and implementing remediation strategies to safeguard computers, networks and regulated data experience- Managing risk scoring methodologies to establish risk scores against risk appetite experience- Overseeing adherence to remediation efforts by internal IT staff and business line owners experience- Performing Information Security/Information Technology risk assessments experience- Ability to effectively prioritize and execute tasks in a high-pressure environment- Ability to manage multiple work streams simultaneously- Strong verbal and written communications skills- Excellent Customer service skillsPreferred:- Mentoring junior staff experience- Firewall ruleset management review experience- GRC tools such as Service Now experience- Health Care experience- Familiarity with regulatory controls and industry best practice frameworks such as HIPAA, ISO27001/2, PCI, HITRSUT, NIST etc.)- CISSP, CISM or GIAC certifications- HiTrust knowledge and experienceWork Environment: · Travel requirements to (primarily) domestic destinations should not exceed 20%.· A standard work week exists but with the understanding that additional time/effort outside of the usual parameters can/will occur based upon the overall needs of the integration, where deadlines exist and when necessary due to the needs of the integration team.· A standard business environment exists with moderate noise levels.· Ability to lift and move approximately thirty (30) pounds on a non-routine basis.· Ability to sit for extended periods of time.Job Type: Full-time

Apply for this job  or Save to My Jobs

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.