Genesis Healthcare, Inc.
Senior Information Security Engineer - Control Management
Genesis Healthcare, Inc., Grove City, Ohio, United States, 43123
Genesis10 is currently seeking a Senior Information Security Engineer with our client in the financial industry located in Columbus, OH, Iselin, NJ , Westlake, TX, and Chandler, AZ. This is a 24+ month contract position. Responsibilities: Collaborate with, guide and counsel Critical Infrastructure process and control owners for Control Assurance requirements, including identifying where controls reside, oversight of control documentation changes, evaluating effectiveness and functioning as liaison to control assurance teams in 1st and 2nd Lines responsible for Testing Ensure a proper Critical Infrastructure profile of applicable regulations and associated controls as well as residual risks and compensating controls are maintained and continuously updated in appropriate systems of record on an ongoing basis Establish the inventory of all relevant business processes, governance channels, internal testing, audit, regulatory engagements and prioritize internal preparation, review routines and the integration with RCSA as applicable Establish regular routines with corporate risk, testing & validation and audit partners to provide transparency into business risk profile and trend Conduct risk assessments to evaluate the adequacy and effectiveness of policies, procedures, processes, systems, technology, and internal controls Provide reporting, written and verbal updates to Secure Network Services Leadership and Enterprise risk committees as issues/incidents arise that require escalation Deploy automation strategies for encryption, tokenization and key management products and services including Hardware Security Modules, security appliances and security applications deploying in physical, virtual and containerized environments Provide technical guidance and oversight to teams and team members responsible for product delivery and operational maintenance Support company driven audits, gather evidence of compliance to company policies, and drive product enhancements, when needed, to remediate findings Conduct technical investigation of incidents to identify causes and recommend future mitigation strategies Support incident response, root cause analysis and corrective action activities Requirements: 2+ years of Risk Management or Financial Services Industry experience, or equivalent experience demonstrated through one or a combination of the following: work experience, training, military experience, education 2+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education 2+ years of intermediate to advanced level experience with scripting/automation using tools such as: Bash, PowerShell, Python, Ansible, VBScript, or JavaScript, UI path, etc 2+ years of Linux and Windows server experience Knowledge of Cryptographic protocols & algorithms Knowledge and understanding of implementing infrastructure upgrades, security patches, version upgrades for systems, appliances and HSM's Experience with Agile Scrum or Kanban methodologies Proven experience with change and incident management practices in medium to large enterprise environments Desired Qualifications: Technical understanding of specific business operations, processes, products, and customer interactions where they manifest risk Demonstrated capacity to pro-actively and independently analyze and solve problems and address risks with the business unit's risk appetite and all risk and compliance program requirements Experience with DevOps and CI/CD automated build and deployment processes Experience with application support in Linux and Windows server environments Experience mentoring/guiding less experienced staff Strong a