You dream in technology. Whether it’s software, hardware, or data – you like to get your hands dirty and know how things work. And naturally, you have an area that’s your specialty. Now, bring those skills to an organization that delivers patient essentials to more than 1,700 Patient Service Centers, nationwide. If you share our passion for improving physician care on everything from cardiology to oncology, please click on your desired Information Technology position above to learn more about joining our team.
Sr. Data Security Engineer
Laboratory Corporate of America (LCA) is seeking a Senior Data Security Engineer to join the Office of
Information Security, reporting to the Director of Security Engineering and Innovation. The Senior Data
Security Engineer will lead and implement an enterprise strategy on data security, and will partner with
various technical teams to ensure this strategy is carried out. The Senior Data Security Engineer will also
work closely with other security staff and represent the interests of the broader Information Security team
to the rest of the enterprise.
·Manage, implement, and continuously improve the security of company data, incLuding client and
·Define and ensure implementation of appropriate security controls commensurate with data
·Define and ensure a consistent set of controls in order to secure protected health information (PHI).
·Partner with DevOps and other technical teams representing infrastructure, application development,
and information security in order to design and implement data security solutions.
·Evaluate, recommend, and implement data security controls including transactional auditing, log
retention, encryption and data masking.
·Articulate and maintain a solid understanding of technical controls required to secure data at rest and
·Assess business requirements and use cases in order to facilitate the adoption of data security
·Monitor and report on access to sensitive data; respond to any data breaches accordingly.
·Work closely with database administrators to understand and implement security controls inherent in
the platform (Oracle, Microsoft SQL, Sybase, etc.).
·Work closely with team members from Risk Management and Compliance in order to understand
external compliance requirements.
·Represent the interests of the broader Information Security team to other technical staff and business
·Develop and maintain data security standards and evangelize those to appropriate staff.
·Develop and share data security expertise within the broader Information Security team.
·In partnership with the broader Information Security team, research and recommend emerging
security technologies/tools to address current and future threats.
·Provide guidance for security remediation to business and IT partners by conducting technical risk
assessments (includes vulnerability assessment).
·Participate in security incident handling and investigations as required.
·Interact and manage vendors, outsourcers, and contractors regarding security products and services.
·Manage and/or provide guidance to junior members of the team.
·Minimum 5 years experience in information security.
·Proven experience and success with data security design and implementation.
·Working knowledge of at least one major data security platform (IBM Guardium, Imperva
SccureSphere for Databases, etc.)
·Working knowledge of common database security controls, including encryption (Oracle TDE) and
·Experience working with noSQL databases including MongoDB and Hadoop.
·Proven experience with information security best practices.
·Proven project management and organizational skills, specifically managing multiple, concurrent
·Strong interpersonal, written, and oral communication skills.
·Highly self motivated and directed professional, with keen attention to detail.
·Excellent analytical, problem-solving and decision-making abilities.
·Able to effectively prioritize tasks in a high-pressure environment.
·Strong customer service and solution-focused orientation.
·Experience working in a team-oriented, collaborative environment.
·Bachelor's or Master's Degree in Information Systems, Computer Science or related discipline is
·CISSP certification desired.
·Development or scripting knowledge desired.
·Understanding of industry standards and compliance requirements related to information security and
data security-especiaUy ISO 27001, HIPAA, and PCI DSS.