Security Engineer III

Overland Park, Kansas, United States

WellSky

WellSky® offers health care software solutions for every kind of care including home health, hospice, blood management, and more. Request a free demo today!

WellSky is seeking an Information Security Risk Analyst to join our team.  We are on a mission to elevate healthcare through superior analytics, processes, and engineering. Be a part of transforming the healthcare industry! Our users are Patients, Doctors, Nurses, Social Workers, Chaplains, Administrators, and many others on the front lines of healthcare.  WellSky engineers touch the lives of real people navigating life and death issues with the support of our solutions. We seek to build purpose-driven teams where comradery and compassion are coupled with a dogged pursuit of excellence.  Bring passion, creativity and dedication to your job and there's no telling what you could accomplish.

The Information Security Analyst provides operational and administrative support for the information security program at WellSky. This position creates, implements, and monitors policies, procedures and controls as required by WellSky, its clients, and federal and state governments.  The analyst will respond to security assessments from sales prospects and support WellSky’s internal and external audit requirements under its SOC2, Type 2 certification. The Information Security Analyst may also conduct incident response investigations to ensure appropriate reporting and corrective actions are taken. The position will conduct workforce training, raise awareness of security threats and best practices, and monitor the environment for threats. 

A day in the life!

You will be responsible for the following:

Design Controls, Policies and Procedures 

  • Ensure that appropriate security measures are included in application design 
  • Evaluate and recommend technical solutions for risk mitigation or controls 
  • Design appropriate policies and procedures as identified by risk assessment activities or awareness of emerging threats 
  • Monitor existing policies for compliance 
  • Participate in disaster recovery planning and business continuity planning 
  • Evaluate risk profile of WellSky’s SaaS and on-premise software products 

Monitor the Risk Environment and Support Client Risk Assessments 

  • Drive or participate in risk assessment activities 
  • Assess risk of third parties with whom we do business 
  • Respond to the security questionnaires and security risk assessments of WellSky’s clients and sales prospects 
  • Review Business Associate Agreements (BAA) and other contract documents as needed 
  • Monitor information system activities for suspicious events such as logins, administrative rights usage, abandoned sessions or their vulnerabilities 
  • Perform vulnerability testing, risk analysis and security assessments utilizing security scanning tools, standards and best practices 
  • Keep current on best practices in risk mitigation 
  • Conduct third party risk assessments

Training and Awareness 

  • Conduct formal workforce training as required by law or regulation 
  • Conduct awareness activities to reinforce best practices 
  • Design and administer Phishing simulation campaigns 
  • Conduct incident response investigations. Document and report findings and make recommendations for corrective action.  
  • Interact with regulatory agencies, auditors or other compliance entities to support investigations 
  • Create management reports summarizing accomplishments in security controls as well as suspicious activities 

Do you have what it takes?

Required Experience:

  • BS in Computer Science or a related technical field with 3 to 5 years’ experience in Information Technology Security or related functions (IT Audit, IT Risk Management); or an equivalent combination of education and experience. 
  • Knowledge of internal controls and Information Technology risk assessment and mitigation procedures 
  • Skilled at advocating and championing technical and non-technical solutions 
  • Strong analytical skills and capable of translating complex business problems into conceptual solutions that fit the business need 
  • Excellent interpersonal and communication skills 
  • Excellent critical thinking and analytical skills 
  • Customer service orientation 
  • Experience with at least one external audit standard (e.g. SOC2 Type 2, HITRUST, ISO 27001) 

Do you stand above the rest?

Preferred Experience:

  • CISSP or equivalent certification preferred 
  • An understanding of healthcare from an operational and functional perspective preferred 
  • Experience creating training materials and facilitating training events and communications 
  • Technical experience with security-related technologies such as Active Directory, encryption, anti-virus, or firewalls
  • Experience with regulated data and government regulations (HIPAA, PCI-DSS)

Who We Are:

  • We have an open environment where highly motivated, ambitious engineers can help drive innovation.
  • We include a diverse group of collaborative & super intelligent teammates to work with and learn from.
  • We constantly strive to solve large scale challenges with a variety of technologies.
  • We strongly support a work/life balance.
  • We believe in giving recognition for doing what you enjoy.

Connect with Ideas That Truly Matter!

About WellSky

WellSky is a leading supplier of software and services solutions that help acute, post-acute, and human service providers improve efficiency, support business growth, and provide intelligent care to patients and people in need. WellSky is headquartered in Overland Park, KS with 1,800 teammates across the U.S., Canada, and the U.K. WellSky serves more than 20,000 client sites around the world - including the largest hospital systems, blood banks and labs, in-home care agencies, post-acute care facilities, government agencies, and human services organizations. WellSky's software and services address the continuum of health and social care - helping businesses, organizations, and communities solve tough challenges, improve collaboration for growth, and achieve better outcomes through predictive insights that only WellSky solutions can provide. Informed by 40 years of providing software and expertise, WellSky anticipates providers' needs and innovates relentlessly to help people thrive. Our purpose is to empower care heroes with technology for good, so that together, we can realize care's potential and maintain a healthy, flourishing world.

We're looking for talented individuals who want to use their skills to build a strong, technology-driven company. We offer competitive salaries, great benefits, a new Health Savings Account with a generous employer contribution and a casual and fun environment that encourages quality, creativity and excellence. Enjoy all we have to offer. We invite you to join us. Apply today!

WellSky provides equal employment opportunities to all people without regard to race, color, national origin, ancestry, citizenship, age, religion, gender, sex, sexual orientation, gender identity, gender expression, marital status, pregnancy, physical or mental disability, protected medical condition, genetic information, military service, veteran status, or any other status or characteristic protected by law. WellSky is proud to be a drug-free workplace.

Applicants for U.S. based positions with WellSky must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire. Visa sponsorship is not available for this position.

Tags: Active Directory Analytics Audits CISSP Compliance Computer Science Encryption Firewalls HITRUST Incident response ISO 27001 Risk analysis Risk assessment Risk management SaaS Security assessment SOC 2 Vulnerabilities

Perks/benefits: Health care Team events

Region: North America
Country: United States