Sr. Data Security Engineer
Laboratory Corporate of America (LCA) is seeking a Senior Data Security Engineer to join the Office of Information Security, reporting to the Director of Security Engineering and Innovation. The Senior Data Security Engineer will lead and implement an enterprise strategy on data security, and will partner with various technical teams to ensure this strategy is carried out. The Senior Data Security Engineer will also work closely with other security staff and represent the interests of the broader Information Security team to the rest of the enterprise.
- Manage, implement, and continuously improve the security of company data, including client and patient data.
- Define and ensure implementation of appropriate security controls commensurate with data classification.
- Define and ensure a consistent set of controls in order to secure protected health information (PHI).
- Partner with DevOps and other technical teams representing infrastructure, application development, and information security in order to design and implement data security solutions.
- Evaluate, recommend, and implement data security controls including transactional auditing, log retention, encryption and data masking.
- Articulate and maintain a solid understanding of technical controls required to secure data at rest and in transit.
- Assess business requirements and use cases in order to facilitate the adoption of data security controls.
- Monitor and report on access to sensitive data; respond to any data breaches accordingly.
- Work closely with database administrators to understand and implement security controls inherent in the platform (Oracle, Microsoft SQL, Sybase, etc.).
- Work closely with team members from Risk Management and Compliance in order to understand external compliance requirements.
- Represent the interests of the broader Information Security team to other technical staff and business stakeholders.
- Develop and maintain data security standards and evangelize those to appropriate staff.
- Develop and share data security expertise within the broader Information Security team.
- In partnership with the broader Information Security team, research and recommend emerging security technologies/tools to address current and future threats.
- Provide guidance for security remediation to business and IT partners by conducting technical risk assessments (includes vulnerability assessment).
- Participate in security incident handling and investigations as required.
- Interact and manage vendors, outsourcers, and contractors regarding security products and services.
- Manage and/or provide guidance to junior members of the team.
- Minimum 3 years experience in information security.
- Proven experience and success with data security design and implementation.
- Working knowledge of common database security controls, including encryption and data masking.
- Proven experience with information security best practices.
- Proven project management and organizational skills, specifically managing multiple, concurrent projects.
- Strong interpersonal, written, and oral communication skills.
- Highly self-motivated and directed professional, with keen attention to detail.
- Excellent analytical, problem-solving and decision-making abilities.
- Able to effectively prioritize tasks in a high-pressure environment.
- Strong customer service and solution-focused orientation.
- Experience working in a team-oriented, collaborative environment.
- Bachelor's or Master's Degree in Information Systems, Computer Science or related discipline is highly desired.
- CISSP certification desired.
- Development or scripting knowledge desired.
- Understanding of industry standards and compliance requirements related to information security and data security--especially ISO 27001, HIPAA, and PCI DSS.
- Working knowledge of at least one major data security platform (IBM Guardium, Imperva SecureSphere for Databases, etc.)
- Experience working with noSQL databases including MongoDB and Hadoop.