Exemption Status:

Pay scale information is not necessarily reflective of actual compensation that may be earned nor a promise of any specific pay for any selected candidate or employee which is always dependent on actual experience education qualifications and other factors. A full review of our comprehensive pay and benefits will be discussed at the offer stage with the selected candidate.

This position is not eligible for Sponsorship.

MedImpact Healthcare Systems Inc. is looking for extraordinary people to join our team!

Why join MedImpact Because our success is dependent on you; innovative professionals with top notch skills who thrive on opportunity high performance and teamwork. We look for individuals who want to work on a team that cares about making a difference in the value of healthcare.

At MedImpact we deliver leading edge pharmaceutical and technology related solutions that dramatically improve the value of health care. We provide superior outcomes to those we serve through innovative products systems and services that provide transparency and promote choice in decision making. Our vision is to set the standard in providing solutions that optimize satisfaction service cost and quality in the healthcare industry. We are the premier Pharmacy Benefits Management solution!

Job Description

Summary

The Information Security Engineer II develops executes and monitors enterprise-wide information security from policy through implementation across all Security departments including SECOPS DEVSECOPS and Threat Analytics. This position expands the duties of the Security Engineer I to include direct security support for departments in corporate subsidiaries with identified areas of need which require experienced oversight. This position is required to ensure that business information is secure from unauthorized access protected from inappropriate alteration and is physically secure. This hands-on position serves as the process owner for all ongoing security activities and is responsible for the protection of the confidentiality and integrity of client employee and proprietary business information in accordance with federal/state laws and regulations. Enforcement of and adherence to MedImpacts corporate policies and procedures is required by all Security team members.

Essential Duties and Responsibilities include the following. Other duties may be assigned.

• Enforces policy and supports security procedures applications and systems through the documentation of the resolution of assigned cases that range from simple to complex. Recommends changes to existing security process and procedures.
• Ability to utilize Endpoint Threat Detection and Response/Hunting toolsets
• Creates requirements for product evaluations and/or procedures to enhance productivity and effectiveness. Provides direct support to the business and IT staff for security related issues.
• Drives the delivery of new and upgraded security applications systems and workflow. Tests new systems for effective operations.
• Leads efforts to proactively maintain and improve the automation reliability consistency and the quality of existing IT security tools and environments throughout the organization. Assists in the design deployment integration and configuration of security solutions or enhancements to ensure functionality.
• Ensures the confidentiality integrity and availability of data residing on or transmitted to from or through the enterprise workstations servers application systems and data repositories.
• Initiates facilitates and promotes activities to create information security awareness. Disseminates and educates users on security policies and practices. Participates in regular security awareness training and updates to ensure consistent compliance with IT Security Policies.
• Works cross-functionally and interacts with internal business units and stakeholders to support the business needs. Using an automated customer case request system tracks and documents security service requests and completed cases.
• Participates in daily activities and reporting required for regulatory and contractual information security obligations. Coordinates tasks that are performed within the infrastructure (system administration network administration application support etc.) for security updates and initiatives. Performs analysis design and development of security features for system architecture.
• Participates in security incident investigations and provides on-going communication to security management. Identifies root causes of security events and proposes solutions; closes out and documents investigations. Ensures confidentiality and appropriate personnel are involved in the investigation.
• Maintains up-to-date industry knowledge through formal/informal training industry associations and research of latest technologies critical to the success of the companys information security program. Continuously works to identify and improve security solutions to defend the company against data security threats.
• Apprises and keeps management aware of security issues; handles and/or escalates issues appropriately.
• Provides guidance/training to less experienced staff.
• Apprises and keeps management aware of security issues; handles and/or escalates issues appropriately.
• Provides IT Security consultative support to internal and external clients.
• Manages IT Security related projects and assignments as assigned.

Supervisory Responsibilities

No supervisory responsibilities

Client Responsibilities

This is an internal and external client facing position that requires excellent customer service skills and interpersonal communication skills (listening/verbal/written). One must be able to; manage difficult or emotional client situations; Respond promptly to client needs; Solicit client feedback to improve service; Respond to requests for service and assistance from clients; Meet commitments to clients.

Qualifications

To perform this job successfully an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge skill and/or ability required. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

Education and/or Experience

BS/BA and 8 years experience or equivalent combination of education and experience and 4 years of SME in respective areas

Computer Skills

To perform this job successfully an individual should have knowledge of Microsoft Office Suite.

Additional expertise is required in the following:

• Endpoint Management Experience (BigFix WSUS/SCCM Symantec Trend Micro etc)
• Identity and Access Management
• Certificate Management
• Patch Management (Windows and Unix)
• Intrusion Detection and Prevention
• Security Awareness Training
• Mobile Device Management
• EDR (Endpoint detection and response)
• Web Content Filtering
• Device Encryption
• Vulnerability Assessment Tools
• Firewall and VPN
• Secure E-mail Anti-SPAM
• Webserver applications
• Web API Service Security
• Business Continuity (Disaster Recovery)
• Compliance and Audit (HIPAA HITRUST SOC GovRAMP and PCI a plus)
• OS Administration (Windows Linux and Unix)
• Authentication and SSO
• Container Security

Certificates Licenses Registrations

Security Certification strongly preferred

OWASP ISSA ISACA membership a plus

Other Skills and Abilities

• Must have excellent analytical problem solving and communication skills. Familiarity with SSAE SOC 1 and SOC 2 HITRUST federal/state security and privacy frameworks HIPAA PCI and regulatory requirements for information security. Must be able to work on a team and build good working relationships with team members and internal clients.
• Must have good understanding of standard policies and procedures for information security.

Reasoning Ability

• Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists.

• Ability to define problems collect data establish facts and draw valid conclusions.

Mathematical Skills

• Ability to apply concepts such as fractions percentages ratios and proportions to practical situations.

• Ability to add subtract multiply and divide in all units of measure using whole numbers common fractions and decimals. Ability to compute rate ratio and percent and to draw and interpret bar graphs.

Language Skills

• Ability to respond to common inquiries or complaints from customers regulatory agencies or members of the business community.
• Ability to respond effectively to the most sensitive inquiries or complaints.

Competencies To perform the job successfully an individual should demonstrate the following competencies:

Composure

Decision Quality

Organizational Agility

Problem Solving

Customer Focus

Drive for Results

Peer Relations

Time Management

Dealing with Ambiguity

Learning on the Fly

Political Savvy

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this Job the employee is regularly required to sit and talk or hear. The employee is regularly required to stand; walk; use hands to finger handle or feel and reach with hands and arms. The employee must occasionally lift and/or move up to 25 pounds.

Work Environment

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

This position may regularly be exposed to or encounter moving mechanical parts high precarious places fumes or airborne particles toxic or caustic chemicals outdoor weather conditions risk of electrical shock or vibration. The noise level in the work environment is usually moderate (examples: business office with computers and printers light traffic).

Work Location

This position must work on-site at the San Diego Headquarters for purposes of providing adequate support to internal clients; being available for face-to-face interactions and coordination of work with other employees colleagues clients or vendors; as well as for facilitation of quick and effective decisions through collaboration with stakeholders. Remote work is not an option for these purposes.

Working Hours

This is an exempt level position requiring the incumbent to work the hours required to fully accomplish job responsibilities and reasonably meet deadlines for work deliverables. The individual must have the flexibility to work beyond traditional hours and be able to work nights at weekends or on holidays as required. Work hours may be changed from time to time to meet the needs of the business. Typical core business hours are Monday through Friday from 8:00am to 5:00pm.

Travel

This position requires domestic travel of up to 10% of the time.

The Perks:

• Medical / Dental / Vision / Wellness Programs
• Paid Time Off / Company Paid Holidays
• Incentive Compensation
• 401K with Company match
• Life and Disability Insurance
• Tuition Reimbursement
• Employee Referral Bonus

To explore all that MedImpact has to offer and the greatness you can bring to our teams please submit your resume to is a privately-held pharmacy benefit manager (PBM) headquartered in San Diego
California. Our solutions and services positively influence healthcare outcomes and expenditures improving the position of our clients in the market. MedImpact offers high-value solutions to payers providers and consumers of healthcare in the U.S. and foreign markets.

Equal Opportunity Employer Male/Female/Disabilities/Veterans

OSHA/ADA:

To perform this job successfully the successful candidate must be able to perform each essential duty satisfactorily. The requirements listed are representative of the knowledge skill and/or ability required.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Disclaimer:

The above
statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.