Himalayas รีโมท / WFH Teknologi & IT Full Time

Sr. Engineer, Governance, Risk & Compliance (TPRM)

NextGen Healthcare

Algeria, Argentina, Germany, Italy, Spain, United Kingdom ไม่เปิดเผยเงินเดือน Posted 2 days ago
Location Algeria, Argentina, Germany, Italy, Spain, United Kingdom
Salary ไม่เปิดเผยเงินเดือน
Job Type Full Time · Remote
Country Jerman

Job Description

Full details about the role and requirements

Yukerja Summary

The Sr. Engineer, Governance, Risk & Compliance (TPRM) role at NextGen Healthcare is curated from Himalayas (category Teknologi & IT). This role is marked as remote — check timezone and location requirements on the official listing. Yukerja.com is not the employer — applications are handled on the official source site.

Job Description:

The Sr. Security Engineer will develop solutions leveraging tools and technology. The ideal candidate is one who has a security engineering background with experience in both cybersecurity and information security.
  • Develop solutions using tools and technology to support Information Security and GRC work, project, and initiatives.
  • Act as system administrator for certain security or GRC tools such as phishing and training platform, Data Loss Prevention (DLP) solution, Third Party Risk Management (TPRM) platform, Risk Register, privacy management, etc.
  • Integrate related tools with other systems as needed.
  • Engage with security vendors on design sessions, and help configure GRC solutions for use.
  • Work with IT partners in Application Security, Security Engineering and Operations, Enterprise Applications, Desktop Support, Help Desk, Networking and Infrastructure Operations, to get data and information needed to support GRC work.
  • Work with IT teams and partners to extrapolate SIEM related data from source system logs such as security, application, system, and network logs to assess risks and help the GRC team determine compliance.
  • Work with IT teams and partners to bridge technology between GRC goals and cybersecurity / technology solutions such as IAM, PAM, MFA, RBAC, SSO, DLP, IDS/IPD, XDR, MDM, SIEM, etc.
  • Support data analysis and metrics by pulling data from source systems.
  • Stay current with threat intelligence and make recommendation for improvements.
  • Participate in security incidents as needed.
  • Support security assessment requests for customers, HITRUST, SOC 2, etc. by pulling appropriate data as needed.
  • Work with IT partners to integrate GRC value-add into their secured software development life cycle, software engineering, infrastructure, network, and operation needs.
  • Maximize the utilization of Security tools and technology.
  • Assist with the development of policies and procedures.
  • Stay current with changes in information security and cybersecurity regulations, industry frameworks, and best practices, and apply it to existing NextGen GRC solutions.
  • Use security engineering skills to help streamline or automate NextGen methodology for maintaining accreditations or certifications (e.g., SOC 2, HITRUST, etc.).
  • Use security engineering skills to help streamline or automate NextGen methodology for responding to customer security assessments or questionnaires.

Education Required:

  • Bachelor's Degree in Computer Science or related discipline or advanced degree.
  • Or, any combination of education and experience which would provide the required qualifications for the position.

Experience Required:

  • 4-6 years of relevant experience or advanced Degree.
  • Security engineering experience, including implementing information security or cybersecurity solutions.
  • Experience in working with security technology, tools, or processes such as phishing campaigns, vulnerability scans, IRPs, playbooks, IAM, PAM, MFA, RBAC, SSO, DLP, IDS/IPD, XDR, MDM, SIEM, threat hunting, etc.
  • Experience with one or more of the following frameworks: COSO, NIST CSF, RMF, ISO, COBIT.
  • Experience working in an environment with one or more of the following: Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX), Security Operation Center (SOC), Payment Card Industry (PCI), GRC
  • Experience working with IT partners and adequate exposure to their areas such as SSDLC, software engineering, infrastructure, networking, service desk, desktop support, security operations, etc. This includes experience or sufficient exposure and familiarity with the tools they use.

License/Certification Required:

  • Information security or cybersecurity related certifications such as CISA, CISSP, CISM, CRISC, CEH, GIAC (GCFA), or ability to acquire certification within 18 months.
  • HITRUST Framework and CSF certification knowledge. Governance, Risk and Compliance tools.

Knowledge, Skills & Abilities:

  • Knowledge of: GRC, information security, and cybersecurity principles, phishing campaigns, cybersecurity awareness and training, risk assessments, risk registers, security events and incidents, security frameworks, standards, guidelines, controls, federal and state security regulations and trends, current cybersecurity threats, data protection, administrative, technical and physical security controls, third party risk management (TPRM). IT / security processes or tools such as IAM, PAM, MFA, RBAC, SSO, DLP, IDS/IPD, XDR, MDM, SIEM, IRP, backups, DR & BCP, playbooks, MSP or MSSP, MDR or XDR, 24x7 SOC, endpoint security, SIEM, vulnerability scans, patching, pen testing, red/blue/purple teaming, tabletop exercises, encryption at rest and in transit, networking, firewalls, infrastructure, colo data centers, hosted environments such as Azure, AWS, or Google Cloud, and Active Directory.
  • Skill in: Information security, cybersecurity, ethical hacking, some understanding of code and scripts, working as member of a team; communicating effectively; establishing and maintaining effective working relationships.
  • Ability to: Determine how a system should work and how changes in conditions, operations, and the environment will affect outcomes; work in a fast-paced environment; stay organized, prioritize workload, multi-task, and meet deadlines.

The company has reviewed this job description to ensure that essential functions and basic duties have been included. It is intended to provide guidelines for job expectations and the employee's ability to perform the position described. It is not intended to be construed as an exhaustive list of all functions, responsibilities, skills and abilities. Additional functions and requirements may be assigned by supervisors as deemed appropriate. This document does not represent a contract of employment, and the company reserves the right to change this job description and/or assign tasks for the employee to perform, as the company may deem appropriate.

NextGen Healthcare is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

Originally posted on Himalayas

Disclaimer: Yukerja.com is a job aggregator, not an employer. This listing is aggregated from Himalayas. Applications are processed on the official company or source site. We are not responsible for listing accuracy.

Tips for Applying to Sr. Engineer, Governance, Risk & Compliance (TPRM)

  1. Read the full description and ensure your skills match before applying to NextGen Healthcare.
  2. Tailor your CV and cover letter to keywords in the job description — especially for Teknologi & IT roles.
  3. Click Apply Now to go to Himalayas. The hiring process is entirely on the source site.
  4. Prepare an updated portfolio or LinkedIn profile if required during screening.
  5. Beware of payment requests — legitimate jobs do not charge application fees.

Related articles: CV ATS · Career Blog & Tips