Sr. Information Security Engineer

Job Locations US-IL-Aurora
Posted Date 3 months ago(12/6/2017 10:35 PM)
# of Openings
Information Technology





Looking for a way to influence the health and healthcare of many?


If so, we’d love to hear from you! Our mission-driven organization is focused on theTriple Aim - Better Health, Better Healthcare and Lower Costs to individuals and their families who participate in our health plans.


UNITE HERE HEALTH serves 100,000+ workers and 220,000 covered lives in the hospitality and gaming industry nationwide. Our desire to be innovative and progressive drives us to develop impactful programs and benefits designed to engage our participants in managing their own health and healthcare. Our vision is exciting and challenging. Please read on to learn more about this great opportunity!



Key Attributes:

  • Live Our Values – Role model for the Fund’s BETTER mission and workplace culture, and takes accountability for actions and results.

  • Integrity – Trustworthy and principled when faced with complex situations.

  • Teamwork – Ability to work effectively with others in a variety of situations and circumstances.

  • Positive Work Relationships – Ability to create and engender mutual trust and respect as essential to the collaborative relationships required.

  • Communication – Ability to generate concise, compelling, objective, and data-/fact-based analyses and reports, guidance, instructions, and policies, as well as other key messaging.

  • Diversity – Ability to embrace and work collaboratively in a culturally diverse environment.

  • Continuous Learning – Committed to excellence.  Possesses an intellectual curiosity with a motivation and orientation to continuous improvement.  As the Fund evolves, must be open to innovative ideas and proactive about developing new areas of expertise, skills, and experiences.


The Sr. Information Security Engineer will secure enterprise information by determining security requirements; designing, implementing, and administering appropriate security systems and controls; preparing necessary security standards, policies, and procedures; evaluating and overseeing IT business continuity (BC) planning efforts; and mentoring IT and business team members in security best practices. The role partners with UHH stakeholders to securely achieve the functional requirements of business initiatives.


Works with UHH business, IT, Heath Insurance Portability and Accountability Act (HIPAA) privacy, and other risk management teams to identify security solutions that best mitigate information security and privacy risks.


Components of this activity include:


Designs & Creates

  • Researches, evaluates, recommends, designs, implements and administers new or updated information security solutions
  • Creates and maintains information security architecture, policies, principles, and standards to help ensure compliance with business, regulatory and accreditation requirements (e.g., HIPAA, Utilization Review Accreditation Commission (URAC), and Payment Card Industry (PCI))
  • Participates in solution architecture design with internal and external resources; leads security efforts, assisting with the integration and initial implementation of solutions
  • Designs security solutions to mitigate threats where possible
  • Develops a common set of security tools; defines operational parameters for their use and conducts reviews of tool output; determines tool administration ownership roles with CIO
  • Develops and validates baseline security configurations for operating systems, applications, networking, and telecommunications equipment

Assesses & Remediates

  • Conducts and manages information security certifications, vulnerability analyses, and risk assessments; implements or oversees associated remediation activities
  • Oversees reviews of UHH security posture of third party vendors, service providers, and partners
  • Responds to, investigates and coordinates IT response to potential information security and privacy incidents including malware, intrusions and breaches
  • Conducts and manages security forensics activities when required, including oversight of third parties

Monitors & Administers

  • Maintaing security by monitoring and ensuring compliance to standards, policies and procedures
  • Leverages security toolset to monitor for abnormalities that could indicate a security compromise
  • Monitors and administers the current information security toolset (e.g., Security Event Information Management (SEIM) services)


  • Prepares system security reports through collection, analysis, and summarizing data and trends
  • Provides management reports highlighting information security program effectiveness, risk and vulnerability assessment findings, ongoing risk remediation efforts, and risk management recommendations
  • Develops dashboards and metrics to determine ongoing health and effectiveness of information security solutions


  • Partners with IT Network Engineering team to design network, cloud, business continuity and security solutions that best meet both UHH business and information risk management needs
  • Partners with HIPAA Privacy team to best ensure compliance to regulatory privacy requirements
  • Partners with IT, Privacy and Business teams to enhance, educate and promote the UHH security program
  • Collaborates on critical IT and organizational projects to help ensure security best practices are incorporated throughout the IT system and application development life cycles
  • Advises and promotes to IT system administrators the implementation of server and desktop hardening best practices
  • Performs other duties as assigned within the scope of responsibilities and requirements of the job
  • Performs Essential Job Functions and Duties with or without reasonable accommodation


Years of Experience and Knowledge

  • 5 ~ 7 years minimum direct, hands-on technical information security and systems security design experience
  • Advanced knowledge and experience in creating and enforcing controls based on industry standard security and control frameworks such as CIS, NIST, COBIT 5, ISO 27002
  • 2 years of systems integration and operations experience preferred
  • Strong knowledge of current and emerging security threats
  • Working knowledge in Security Analysis, including the following domains:
    • Formal Threat Modeling
    • Knowledge of Web Application Risks and Fundamentals
    • Gap Assessment
    • Compensating Mitigations
  • Extensive experience managing Windows security, mobile device and endpoint security
  • Experience and working knowledge managing security for Mac OS X and Linux systems
  • Advanced knowledge of information security principles and practices, including security risk assessment standards, risk assessment methodologies, and vulnerability assessment
  • Experience with Network and Computer Forensics and Malware Analysis
  • Experience with Cloud computing services, architecture, security concerns, and risk mitigation strategies
  • Experience leading complex projects and managing complex projects: developing project plans/schedules; delivering a product or service in a timely and cost-effective manner

 Education, Licenses, and Certifications

  • Bachelor's degree in Computer Science or related field or equivalent work experience required
  • Required: Certification in one or more relevant industry certifications (e.g. CISSP, CISM, CISA)

Skills and Abilities

  • Intermediate level Microsoft Office skills (PowerPoint, Word, Outlook, Excel)
  • Strong communication (verbal & written) and presentation skills to various audiences, including committees, large groups, senior management, and executive leadership
  • Ability to work with a full range of diverse technologies including logical and physical security architectures and technologies such as IDS/IDP, firewall, email, web, data, video, physical access control hardware and related operating system and supporting software


Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed