Security Engineer (GRC, Data Security)

Company:  Tbwa Chiat/Day Inc
Location: Snowflake
Closing Date: 08/11/2024
Salary: £100 - £125 Per Annum
Hours: Full Time
Type: Permanent
Job Requirements / Description

SmithRx is a rapidly growing, venture-backed Health-Tech company. Our mission is to disrupt the expensive and inefficient Pharmacy Benefit Management (PBM) sector by building a next-generation drug acquisition platform driven by cutting edge technology, innovative cost saving tools, and best-in-class customer service. With hundreds of thousands of members onboarded since 2016, SmithRx has a solution that is resonating with clients all across the country.

We pride ourselves on our mission-driven and collaborative culture that inspires our employees to do their best work. We believe that the U.S healthcare system is in need of transformation, and we come to work each day dedicated to making that change a reality. At our core, we are guided by our company values:

  • Integrity: Always operate with honesty and transparency so we earn the trust of our clients.
  • Courage: Demonstrate the courage needed to take on a broken industry and continuously improve what we offer to optimize health outcomes.
  • Together: Foster a collaborative and inclusive environment that values teamwork, respect, and open communication, and encourages creativity and diversity of thought.

Job Summary:

We are seeking a Security Engineer with a strong focus on Governance, Risk, and Compliance (GRC) as well as Automation & Data Security. This role will be responsible for managing and implementing security policies, risk assessments, data protection strategies, and regulatory compliance initiatives across the organization. The ideal candidate will possess a solid understanding of industry security frameworks, data security practices, and emerging threats. They will work closely with cross-functional teams to ensure that the organization adheres to security best practices while maintaining the confidentiality, integrity, and availability of data.

In order to be eligible for this position, applicants must be based in one of the following states: Arkansas, Arizona, California, Colorado, Florida, Georgia, Kansas, Minnesota, Missouri, Nevada, Ohio, Pennsylvania, Tennessee, Texas, Utah, Virginia, Washington, Wisconsin.

In this role, you will be responsible for:

GRC Management

  • Develop, implement, and maintain security policies, standards, and procedures to ensure compliance with industry standards (e.g., ISO 27001, NIST, GDPR, HIPAA, PCI-DSS).
  • Conduct regular security risk assessments and audits to identify gaps in compliance and recommend corrective actions.
  • Monitor and report on the effectiveness of the organization’s security posture and risk mitigation efforts.
  • Stay up-to-date with regulatory changes and work with relevant departments to ensure compliance with data protection laws and frameworks.

Data Security:

  • Implement and manage data security solutions, including encryption, data masking, and secure data transmission protocols.
  • Collaborate with IT teams to safeguard sensitive data, such as personally identifiable information (PII) and intellectual property.
  • Monitor and respond to data breaches, data loss events, and other security incidents, ensuring rapid containment and investigation.
  • Conduct regular vulnerability assessments and data privacy impact assessments to ensure the integrity of organizational data.

Security Awareness and Training:

  • Design and deliver security awareness training programs to educate employees on security best practices and compliance requirements.
  • Provide guidance on data security measures to teams handling sensitive information across the organization.

Vendor and Third-Party Risk Management:

  • Assess the security posture of third-party vendors and partners to ensure they comply with the organization’s security requirements.
  • Collaborate with legal and procurement teams to integrate security requirements into third-party agreements.

Incident Response and Risk Mitigation:

  • Contribute to the development and execution of incident response plans, focusing on GRC and data security components.
  • Collaborate with incident response teams to ensure proper escalation, investigation, and mitigation of security events.
  • Continuously evaluate and improve security controls, GRC processes, and data security practices.
  • Research and stay current with emerging threats, technologies, and industry trends to proactively address potential risks.

What you will bring to SmithRx:

  • Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field (or equivalent experience).
  • 3+ years of experience in Information Security, focusing on GRC and/or Data Security.
  • Strong experience with security frameworks (ISO 27001, NIST, COBIT) and regulatory compliance (GDPR, HIPAA, PCI-DSS).
  • Hands-on experience with data protection strategies, encryption technologies, and risk management tools.
  • Strong analytical and problem-solving skills with the ability to assess complex security risks.
  • Familiarity with security tools and technologies (Vanta, Zscaler, Snowflake, Encryption tools, DSPM).
  • Excellent verbal and written communication skills to engage with both technical and non-technical teams.
  • Ability to manage multiple projects, prioritize tasks, and work effectively in a fast-paced environment.
  • Knowledge of cloud security principles and data governance in cloud environments is a plus.
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar GRC and data security certifications preferred.

What SmithRx Offers You:

  • Highly competitive wellness benefits including Medical, Pharmacy, Dental, Vision, and Life Insurance and AD&D Insurance
  • 401(k) Retirement Savings Program
  • Short-term and long-term disability
  • Discretionary Paid Time Off
  • 12 Paid Holidays
  • Paid Parental Leave benefits
  • Employee Assistance Program (EAP)
  • Well-stocked kitchen in office locations
  • Professional development and training opportunities

Apply for this job

* indicates a required field

First Name *

Last Name *

Email *

Phone *

Location (City) *

Resume/CV *

Accepted file types: pdf, doc, docx, txt, rtf

LinkedIn Profile

Website

Legal Name *

What is your highest level of education completed? Did you receive a degree? *

What state are you located in? *

How many years of experience do you have in Information Security, focusing on GRC and/or Data Security? *

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in SmithRx’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

#J-18808-Ljbffr
Apply Now
Share this job
Tbwa Chiat/Day Inc
  • Similar Jobs

  • Security Engineer (GRC, Data Security)

    Snowflake
    View Job
  • Corporate Security Engineer

    Snowflake
    View Job
  • Engineer 3 || Security

    Snowflake
    View Job
  • Engineer 3 || Security

    Snowflake
    View Job
  • Corporate Security Staff Engineer

    Snowflake
    View Job
An error has occurred. This application may no longer respond until reloaded. Reload 🗙