Completes tasks designed to ensure security of the organization's systems and information assets. Protects against unauthorized access, modification, or destruction and develops IT security policies and standards. Works with end users to determine needs of individual departments. Understands internet architecture and firewall configuration to protect system security. May need to authorize user access and familiar with domain structures and digital signatures. Contributes to moderately complex aspects of a project. Work is generally independent and collaborative in nature.
Essential Duties and Responsibilities:
- Continually assess the ability of Arthrex systems and functionality to protect PHI, PII, IP, and Cardholder data according to applicable global regulatory and compliance standards
- Ensure the sufficiency and appropriateness of security procedures, policies and safeguards as required by HIPAA, PCI-DSS, FDA, and GDPR.
- Educate and train company personnel concerning the purpose and importance of security policies and procedures
- Assess the risk of various security vulnerabilities and environmental factors
- Conduct information security audits to verify the sufficiency and effectiveness of Arthrex safeguards, standards, policies and procedures
- Coordinate response to security incidents and ensure timely corrective and preventative actions
- Develop procedures to monitor and manage security related complaints and incidents
- Maintain all security related documentation and records
- Recommend changes to information systems to improve the efficiency and effectiveness of security policies, procedures and safeguards.
- Research security emgering technologies for applicability
- Develop and maintain a Medical Device Security program
The above statements describe the general nature and level of work being performed in this job. They are not intended to be an exhaustive list of all duties, and indeed additional responsibilities may be assigned, as required, by management.
Education and Experience:
Minimum of five years of experience in information security required. Bachelors Degree required. Degree in Computer Science or related field preferred. Certified Information System Security Professional (CISSP) preferred.
Knowledge and Skill Requirements/Specialized Courses and/or Training:
In-depth knowledge of Microsoft Windows networking and design, security, Local and Wide Area network design. Experience with servers, virtualization and storage systems.
Machine, Tools, and/or Equipment Skills:
Servers, printers, desktop computers, laptops, miscellaneous hardware and software.
All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.