Job Description: Senior Data Security Engineer
We are seeking a Senior Data Security Engineer to join the Office of Information Security, reporting to the Director of Security Engineering and Innovation. The Senior Data Security Engineer will lead and implement an enterprise strategy on data security, and will partner with various technical teams to ensure this strategy is carried out. The Senior Data Security Engineer will also work closely with other security staff and represent the interests of the broader Information Security team to the rest of the enterprise.
- Manage, implement, and continuously improve the security of company data, including client and patient data.
- Define and ensure implementation of appropriate security controls commensurate with data classification.
- Define and ensure a consistent set of controls in order to secure protected health information (PHI).
- Partner with DevOps and other technical teams representing infrastructure, application development, and information security in order to design and implement data security solutions.
- Evaluate, recommend, and implement data security controls including transactional auditing, log retention, encryption and data masking.
- Articulate and maintain a solid understanding of technical controls required to secure data at rest and in transit.
- Assess business requirements and use cases in order to facilitate the adoption of data security controls.
- Monitor and report on access to sensitive data; respond to any data breaches accordingly.
- Work closely with database administrators to understand and implement security controls inherent in the platform (Oracle, Microsoft SQL, Sybase, etc.).
- Work closely with team members from Risk Management and Compliance in order to understand external compliance requirements.
- Represent the interests of the broader Information Security team to other technical staff and business stakeholders.
- Develop and maintain data security standards and evangelize those to appropriate staff.
- Develop and share data security expertise within the broader Information Security team.
- In partnership with the broader Information Security team, research and recommend emerging security technologies/tools to address current and future threats.
- Provide guidance for security remediation to business and IT partners by conducting technical risk assessments (includes vulnerability assessment).
- Participate in security incident handling and investigations as required.
- Interact and manage vendors, outsourcers, and contractors regarding security products and services.
- Manage and/or provide guidance to junior members of the team.