CAPS is the nation's largest network of outsourcing admixture pharmacies. A pioneer in the outsourcing of CSPs, CAPS was founded in 1991, and delivers high-quality, same-day, admixture services and solutions to hospitals and outpatient facilities across the nation. CAPS has two 503B Outsourcing Facilities that are registered with the FDA to provide anticipatory compounding services. CAPS also has 22 state licensed 503A regional pharmacies that dispense labeled, patient-specific prescriptions. To learn more, visit www.capspharmacy.com.
The IT Security Specialist works closely with management, business units, technology infrastructure and applications development to provide guidance and solutions concerning the effective implementation of reasonable and appropriate IT security controls and documentation necessary to preserve the integrity of information assets. This position will support efforts to identify, report on, and resolve IT security issues, as well as continuously improve information security and IT risk and compliance management programs. This person identifies, investigates, analyzes, and remediates information security events to ensure enterprise integrity against technical risks.
Responsibilities: Essential Duties
* Provide technical expertise and support in operational and implementation aspects of IT security framework controls, activities, and products.
* Work with parent company security teams to develop and monitor security systems and services to provide response and reporting on events and incidents.
* Assess and support IT security controls, risk, and exposure for new and existing infrastructure and processes. Key goals are maturing current security operations and overall security posture, reducing the risk profile, and improving security services.
* Work with CAPS Sales and Legal teams to provide technical guidance on customer contract agreements and responses to data security questionnaires in a timely manner.
* Review newly provisioned and existing systems to ensure they align with security architecture standards and meet security requirements; identify potential exposure to risk and limit risk factors to parent company B. Braun, Inc.
* Evaluation and implementation of security technologies and services.
* Assess new projects and implementations. Communicate with CAPS management and parent company IT security teams to ensure expected security controls are in place that meet organizational standards.
* Assist in reviewing, and be actively involved in, security-related aspects of RFPs for third-party services.
* Assist in developing communications and actively promote related campaigns for information security awareness among all staff.
* Maintain an awareness of existing and proposed security standards groups, state and federal legislation and regulations pertaining to information security and identify regulatory changes that will affect information security policy, standards and procedures.
* Provide expertise as necessary to support security investigations and support incident responses.
* Keep informed of current technologies, trends, standards, and industry issues related to security and risk management.
* Serve as project leader on assigned projects. Provide timely updates and project tracking.
* Work with IT and parent company IT security management to draft SOPs and system validation plans as required to meet corporate business needs and support the company's regulatory requirements.
* Prepare project status reports to inform management of project progression. Identify any issues that need to be escalated for resolution or assistance.
* Work with internal staff and service providers to develop and implement security solutions.
* Analyze and draft responses to customer data security agreement requests. Work with CAPS IT SMEs, management, and legal to implement approved security technologies and standards to meet or exceed customer expectations.
* Align IT security policies, procedures and compliance guidelines with corporate policies. Maintain IT security documentation as required for outside regulatory agencies (FDA, ISO, HIPAA, etc.).
* Conduct annual pen tests with third-party security teams on CAPS customer-facing web services that process ePHI transactions. Present security posture reports and an action plan to remediate findings.
* Be familiar with the GAMP 5 methodology of risks and documentation lifecycles. Be capable of drafting validation protocol security tests for system changes to improve security or as needed to meet global security standards.
Expertise: Knowledge & Skills
* Must be self-motivated and know when to seek guidance; detail-orientation is a must.
* Flexibility, ability to change priorities quickly, and capacity to handle multiple tasks.
* Effective communication and interpersonal skills with all levels of peers, partners, business groups, and management.
* Ability to consistently learn technology evolution and apply those concepts.
* Ability to work independently and as part of a team.
* Ability to communicate effectively to both technical & non-technical audiences.
* Ability to work with third party vendors to resolve technical issues.
* Must have strong project management skills, including excellent organizational, documentation and time management skills.
* Must maintain confidentiality of proprietary, financial and personal data.
Expertise: Qualifications - Experience/Training/Education/Etc
* Bachelor's degree in computer science, engineering or other related field of study.
* 4 years of experience in information security.
* Knowledge of ISO 27001/27002, COBIT, ITIL, CIS-20, HITECH and HITRUST frameworks.
* Knowledge of security regulations including SAS 70 and HIPAA.
* Strong knowledge and experience with IP networking, networking protocols, IPSec, PKI, encryption technologies.
* Experience working with intrusion prevention system output reporting, malware detection, antivirus technology, proxy services, and DNS.
* Knowledge of spam, phishing, web filtering technologies.
* Experience with Internet, web, application and network security techniques.
* Experience with OWASP coding best practices and capable of providing feedback and recommendations during software code reviews.
* Ability to handle multiple projects simultaneously and meet deadlines while effectively managing priorities and communicating progress.
* Ability to comprehend, document and implement detailed project specifications as well as the ability to adapt to various technologies.
* Understanding of project lifecycle, strong analytical and problem solving skills. Ability to work independently or in a team.
* Ability to identify opportunities for improvement and approach problems with a sense of ownership, enthusiasm and innovation.
* Must be willing to travel for business, and work extra hours when necessary.
* Must be willing to carry a mobile device, and provide after hours and off-site support.
* Operational experience with IDS/IPS technologies.
* SANS GIAC, ISC2 (e.g., SSCP) or equivalent certifications.
* Knowledge of regulatory requirements within a Healthcare environment, specifically with FDA system validation.
* Knowledge of business continuity and disaster recovery.
While performing the duties of this job, the employee is regularly required to sit and talk or hear. The employee frequently is required to use hands to handle or feel and reach with hands and arms. The employee is occasionally required to stand and walk. The employee must occasionally lift and/or move up to 50 pounds.
B. Braun offers an excellent benefits package, which includes healthcare, a 401(k) plan, and tuition reimbursement. To learn more about B. Braun and our safety healthcare products or view a listing of our employment opportunities, please visit us on the internet at www.bbraunusa.com.
Through its "Sharing Expertise®" initiative, B. Braun promotes best practices for continuous improvement of healthcare products and services.
Responsibilities: Other Duties:
The preceding functions have been provided as examples of the types of work performed by employees assigned to this position. To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed in this description are representative of the knowledge, skill, and/or ability required. Management reserves the right to add, modify, change or rescind the work assignments of different positions due to reasonable accommodation or other reasons.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to sit and talk or listen. The employee frequently is required to use hands to handle or feel and reach with hands and arms. The employee is occasionally required to stand and walk. Ability to lift 40-50 lbs.
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with physical challenges to perform the essential functions. The noise level in the work environment is usually moderate.