Job summary
*No agency support required & this role is open to remote working within the UK only.*
iRhythm is seeking a Senior Cyber Security Engineer
to support the development, implementation, and ongoing testing of our
information services security architecture. Under the direction of the Senior
Vice President, Information Technology Compliance and Security, this position
will play a key role in continuing to develop our security operations as well
as supporting ongoing security governance initiatives. This is a new role
helping to build out our maturing information security function.
The Sr. Cyber Security Engineer will operate at
multiple levels within the organization leading and participating in security
operations, projects, risk assessments, incident response, and policy creation
and maintenance. In addition, the Sr. Cyber Security Engineer will work
across the organization acting as a trusted advisor on security related topics
identifying and recommending solutions on security related items. We
operate in a highly regulated environment (SOX, SOC 2, HIPAA, GDPR, CCPA, ISO,
FDA, EU MDR) and the Sr. Cyber Security Engineer must have a working knowledge
in these regulations.
Main duties of the job
- Actively identify, investigate, and respond to security threats and incidents related to systems and workflow to ensure internal security controls are appropriate and operating as intended within the organization
- Manage, operate, and maintain the SIEM (Splunk-based) along with the security monitoring tools used for intrusion analysis and incident response.
- Find/develop new threat intelligence, detection and hardening strategies.
- Analyze cyber threat data and correlate with existing understanding of cyber threats impacting iRhythm environment.
- Evaluate existing methods and recommend scalable solutions for Security and Incident Response
- Conduct Proof of Concepts for solutions and technologies required for Security Operations
- Manage the security vulnerabilities and risks across iRhythm including identifying, supporting application/system owners to manage risks and remediate vulnerabilities
- Develop strategies to identify, manage, and mitigate identified threats and vulnerabilities to attain desired risk profile and communicate strategies to key stakeholders
About us
iRhythm is a leading digital
healthcare company focused on the way cardiac arrhythmias are clinically
diagnosed by combining our wearable biosensing technology with powerful
cloud-based data analytics and machine-learning capabilities.
Our goal is to
be the leading provider of first-line ambulatory ECG monitoring for patients at
risk for arrhythmias. iRhythm's continuous ambulatory monitoring has already
put over 4 million patients and their doctors on a shorter path to what they
both need: answers.
Job description
Job responsibilities
We are looking for an experienced Senior Cyber Security Engineer to support the development, implementation, and ongoing testing of our information services security architecture. Under the direction of the Senior Vice President, Information Technology Compliance and Security, this position will play a key role in continuing to develop our security operations as well as supporting ongoing security governance initiatives. This is a new role helping to build out our maturing information security function.
The Sr. Cyber Security Engineer will operate at multiple levels within the organization leading and participating in security operations, projects, risk assessments, incident response, and policy creation and maintenance. In addition, they will work across the organization acting as a trusted advisor on security related topics identifying and recommending solutions on security related items. We operate in a highly regulated environment (SOX, SOC 2, HIPAA, GDPR, CCPA, ISO, FDA, EU MDR) and the Sr. Cyber Security Engineer must have a working knowledge in these regulations.
Responsibilities:
- Actively identify, investigate, and respond to security threats and incidents related to systems and workflow to ensure internal security controls are appropriate and operating as intended within the organization
- Manage, operate, and maintain the SIEM (Splunk-based) along with the security monitoring tools used for intrusion analysis and incident response.
- Find/develop new threat intelligence, detection and hardening strategies.
- Analyze cyber threat data and correlate with existing understanding of cyber threats impacting iRhythm environment.
- Evaluate existing methods and recommend scalable solutions for Security and Incident Response
- Conduct Proof of Concepts for solutions and technologies required for Security Operations
- Manage the security vulnerabilities and risks across iRhythm including identifying, supporting application/system owners to manage risks and remediate vulnerabilities
- Develop strategies to identify, manage, and mitigate identified threats and vulnerabilities to attain desired risk profile and communicate strategies to key stakeholders
- Supports the execution of the Enterprise Vulnerability Management Program including the delivery of enterprise-wide vulnerability assessments and targeted penetration testing
- Collaborate with various teams and our Managed Security Provider for security operations and incident response, as required
- Provide information protection expertise to IT operational teams to ensure systems are properly protected and monitored.
- Evangelize security / compliance initiatives and engage with operations and development teams to ensure adherence to security policy guidelines, compliance standards and drive changes needed to respond to emerging threats.
- Play an active role in the coordination and associated remediation activities for our SOC 2, HIPAA, NIST, GDPR, CCPA, UK Cyber Essentials, penetration, and cybersecurity assessments
- Support the development and ongoing delivery of security awareness training
- Coordinate execution of annual incident response and disaster recovery table-top walkthroughs and update processes and associated documentation
- The successful candidate will work cross organizationally through influence and help shape operating processes with value-add recommendations and regulatory guidance
Work Schedule:
- This is a full time, remote/working from home role
- 40 hours per week
Person Specification
Qualifications
Essential
- Bachelor's degree in Computer Science, Information Security, or related field required
Experience
Essential
- Extensive information security experience preferably in a healthcare related industry and public company environment.
- Experience managing and responding to security threats.
- Experience investigating and acting on high impact threats.
- Experience utilizing Security Information and Event Management tools to monitor data flow between networks.
- Experience with operation of Identity Access Management (IAM), monitoring, and Data Loss Prevention (DLP) solutions such as Okta, Mimecast, Splunk, and Crowdstrike.
Desirable
- Experience with security operations and threat hunting
Knowledge, skills and abilities
Essential
- Understanding of industry standard threat modeling (killchain, diamond model, MITRE ATT&CK).
- Working knowledge of HIPAA/HITECH, GDPR, EU MDR, ISO, NIST CSF, SOC 2, SOX and other compliance regulations.
- Ability to think strategically about security risks and tie those to organizational priorities.
- Capable of building a network of relationships across organizational functions and to liaise with senior management.
- Excellent written and verbal communication skills; experience developing and delivering presentations and reports.
- Relevant and current industry certification(s): CISSP, CISM, CISA
- Fluent in English
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.