Information Security Lead (EPIC)

New York, NY /
Office of the EVP & Chief Operating Officer (COO) – Information Security /
Full Time - Non-Union
Planned Parenthood Federation of America (PPFA) is the national umbrella organization for the nation’s leading network of women’s health care providers, educators, and advocates, serving women, men, teens and families. Planned Parenthood Action Fund is the advocacy and political arm of PPFA. For over 100 years, Planned Parenthood has done more than any other organization in the United States to improve women’s health and safety, prevent unintended pregnancies, and advance the right and ability of individuals and families to make informed and responsible health care decisions.  

Planned Parenthood Federation of America (PPFA) seeks a dynamic and effective Information
Security Manager. This job reports directly to the Sr. Director of Security Architecture in the
Information Security division of PPFA. The Office of Information Security provides the strategy
and implementation of the information security program that safeguards the data entrusted to
Planned Parenthood by its patients, supporters, donors, and staff.

PURPOSE

    • The Epic InfoSec Lead is responsible for PP Epic Systems Information Security with the goal of protecting the data entrusted to PPFA. This position provides InfoSec monitoring, event investigation, and analysis while reporting to PPFA leadership on appropriate strategy and mitigations to reduce risk.

DELIVERY

    • The Epic InfoSec Lead will identify, implement, and maintain InfoSec toolsets to appropriately protect PP.
    • Lead and manage special information security projects such as planning upgrades, enhancements, and testing.
    • Collaborate with the various Epic support teams to report on the health of the PP Epic environment
    • Lead and perform control self-assessments on the Epic Software Environment
    • Attests to the function of the information security controls on an annual basis.
    • Ensure systems security and integrity of the PP data complies with federal and local laws
    • Security Monitoring - working with the MSSP, provide security monitoring oversight through threat/risk analysis in a 24/7 environment
    • Event Investigation & Assignment – Monitor and ensure that established processes are followed for collecting relevant data and performing the necessary levels of analysis on that data.
    • Ensure events are assigned and managed appropriately.
    • Advise and develop strategy for creating and maintaining InfoSec Standard Operating Procedures and provide recommendations on process improvements
    • Assist in prioritizing, reporting on, and remediating Vulnerability Assessment findings, working with Operations staff and corporate vendors as needed to correct errors and alerts found in the IT infrastructure systems.
    • Report weekly KPI/KRI to leadership on the health of the environment

ENGAGEMENT

    • The Epic Information Security Lead will engage with InfoSecOps, the MSSP, staff and leadership as needed within both PPFA and Affiliates.
    • Strong communication skills to provide support directly to all levels of management and staff.
    • Comfortable interacting with both executive and general staff, and communicating with both technical and non-technical audiences.
    • Comfortable interacting directly and supporting Affiliate management and staff
    • Work closely with the PPFA InfoSec team to establish prevention, detection and mitigation techniques
    • Work closely with the MSSP proactively in day-to-day SOC operations and SIEM oversight
    • Independent decision-making capabilities, especially in identifying analysis tracks for escalated events, analysis assignments, and escalation decisions ranging from a base Tier I event to Incident Response level remediations.

Knowledge, Skills and Abilities (KSAs)

    • (Required) 2+ years of Epic Security experience
    • 5+ years of EHR experience
    • Bachelor’s degree
    • Preferred Industry Certification: Epic Security Certification, CISM, CISSP
    • Experience in compliance requirements and industry standards like PCI, HIPAA, ISO 27001, NIST, CSF, ITIL, COBIT, Sarbanes Oxley and SANS 20.
    • UNIX, AIX & Solaris, Linux, Windows Server Operating Systems
    • Security Information and Event Management (SIEM)
    • Vulnerability scanner/Penetration testing systems
    • Switches/Routers, Firewalls (basic configuration)
    • TCP/IP networking, VPN, VLAN, NAT and security concepts
    • Software & Hardware Asset Management
    • Security threat and attack countermeasures
    • Ability to assist in IR incidents as assigned by management
    • Ability to conduct forensic analytical studies and investigations
    • Ability to work in a matrixed environment
Travel: 0-25% as needed

PPFA participates in the E-Verify program. We are an equal opportunity employer and are committed to maintaining a non-discriminatory work environment. PPFA does not discriminate against any employee or applicant for employment on the basis of race, color, religion, sex, national origin, age, disability, veteran status, marital status, sexual orientation, gender identity, or any other characteristic protected by applicable law.  We're committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation.