HCR ManorCare provides a range of services, including skilled nursing care, assisted living, post-acute medical and rehabilitation care, hospice care, home health care and rehabilitation therapy.
Information security safeguards the digital health of our Patients throughout HCR-ManorCare s range of services, including skilled nursing care, assisted living, post-acute medical and rehabilitation care, hospice care, home health care and rehabilitation therapy.
Are you looking for a place where you can be engaged in exciting challenging work and grow your career You ll be working in an vast and complex environment to understand the risks and to deny and disrupt attacks against critical business systems. This role ensures compliance and performs in-depth risk analysis, while assisting business groups to reducing risks of compromise.
You should have demonstrated analytic ability to assess technical environments, discover weaknesses, and analyze exploitation opportunities. Also necessary is the expertise to evaluate and recommend business-first defensive mechanisms to minimize exposures.
Candidates need business acumen to understand HCR s different services and the threat vectors that are most dangerous to that part of the business. Expertise in writing technical risk assessments is required, not just popping shell or stealing credentials. Technical acumen includes, but is not limited to, source code scanners, vulnerability scanners, 3rd party risk identification, application and infrastructure penetration testing. Candidates must have expertise using open source tools, gathering and interpreting information, performing Internet-based research, identifying mitigation strategies, and effectively communicating the results and risk mitigation plans to non-technology business groups.
Such a person should be able to or possess (in priority):
Curiosity about how technology works and be courageous enough to take it apart
Team player, capability to collaborate with diverse people from a variety of areas- both technical and business - and build consensus solutions
Ability to self-manage and prioritize complex and occasionally competing tasks
Experience assessing technologies from a risks perspective and documenting remediation options with recommendations
Knowledge of Android, iOS, W10, and Windows Server, and O365/Azure operating environments
Experience with packet level analysis and forensics low-layer IP networking and have a thorough understanding of network security
Experience with administering both Linux systems and Windows Servers
Proficient with a programming language such as Swift, Java, Powershell, Python, PHP, C or similar
Proficient working knowledge within the following risk domains/technologies: Database and application security, IDS/IPS technologies, System/Access Administration, Firewall technologies, Network Architecture, Security Event Logging & Monitoring , Database/Application/Network Layer Protocols, Secure Software/Code Development, Vulnerability Management.
This role has 4 major deliverables:
In return for your expertise, you ll enjoy excellent training, industry-leading benefits and unlimited opportunities to learn and grow. Be a part of the team leading the nation in healthcare.000 - Corporate Office
Experience hacking systems either formally or informally.
Two to four years of Information Security experience in 3 of the 5 following areas:
Application Development Security,
Information Security Governance and Risk Management
Legal regulations, investigations, and compliance, and
Telecommunications and Network Security
Prior work in Healthcare
Experience with PCI, SOX, HIPAA, and NIST regulatory standards
Certification: ISACA or ISC , GPEN, GCWN, GCED or ECSA a plus
Proficient in recognized IT control frameworks and standards (e.g., COBIT, ITIL, and ISO 27000).Job Specific Details:Remote is not an option.